author | Cy Schubert <cy@FreeBSD.org> | 2013-08-11 14:28:45 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2013-08-11 14:28:45 +0000 |
commit | 05ddbb8d93073fe6263bb3fff26e1c4c8651352e (patch) | |
tree | 1edb84380ee8d48a5e93a53f33d1b6373e330d5e /man/ipfilter.4.mandoc | |
parent | c63520fcdd8c7ba7a737717520fa3896db69342f (diff) | |
Import IP-Filter 5.1.2 into vendor branches using the existing license that
the current version of IP-Filter in FreeBSD is under as per email received
from Darren Reed on Mon, 08 Jul 2013 23:54:16 +1000.
Approved by: glebius (Mentor), Darren Reed <darrenr@reed.wattle.id.au>
Notes:
svn path=/vendor/ipfilter/dist/; revision=254219
Diffstat (limited to 'man/ipfilter.4.mandoc')
-rw-r--r-- | man/ipfilter.4.mandoc | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/man/ipfilter.4.mandoc b/man/ipfilter.4.mandoc index 72534a759761..22e1f36450b6 100644 --- a/man/ipfilter.4.mandoc +++ b/man/ipfilter.4.mandoc @@ -30,7 +30,7 @@ send back an ICMP error/TCP reset for blocked packets .It keep packet state information for TCP, UDP and ICMP packet flows .It -keep fragment state information for any IP packet, applying the same rule +keep fragment state information for any IP packet, applying the same rule to all fragments. .It act as a Network Address Translator (NAT) @@ -57,7 +57,7 @@ On any arbitrary combination of TCP flags .It "short" (fragmented) IP packets with incomplete headers can be filtered .It -any of the 19 IP options or 8 registered IP security classes TOS (Type of +any of the 19 IP options or 8 registered IP security classes TOS (Type of Service) field in packets .El .Pp @@ -83,7 +83,7 @@ it matches a rule setup to look for suspicious packets IP Filter keeps its own set of statistics on: .Bl -bullet -offset indent -compact .It -packets blocked +packets blocked .It packets (and bytes!) used for accounting .It @@ -97,7 +97,7 @@ and much more, for packets going both in and out. .Sh Tools The current implementation provides a small set of tools, which can easily -be used and integrated with regular unix shells and tools. A brief description +be used and integrated with regular unix shells and tools. A brief description of the tools provided: .Pp .Xr ipf 8 @@ -111,7 +111,7 @@ described in is a utility to temporarily lock the IP Filter kernel tables (state tables and NAT mappings) and write them to disk. After that the system can be rebooted, and ipfs can be used to read these tables from disk and restore -them into the kernel. This way the system can be rebooted without the +them into the kernel. This way the system can be rebooted without the connections being terminated. .Pp .Xr ipfstat 8 
@@ -129,7 +129,7 @@ reads buffered data from the logging device (default is /dev/ipl) for output to either: .Bl -bullet -offset indent -compact .It -screen (standard output) +screen (standard output) .It file .It @@ -152,7 +152,7 @@ aimed at. WARNING: this may crash machine(s) targeted! reads in a set of rules, from either stdin or a file and adds them to the kernels current list of active NAT rules. NAT rules can also be deleted using ipnat. The format of the configuration file to be used -with ipnat is described in +with ipnat is described in .Xr ipnat 5 . .Pp For use in your own programs (e.g. for writing of transparent application @@ -162,15 +162,15 @@ documented in Documentation on ioctl's and the format of data saved to the logging character device is provided in -.Xr ipl 4 -so that you may develop your own applications to work with or in place of any +.Xr ipl 4 +so that you may develop your own applications to work with or in place of any of the above. -Similar, the interface to the NAT code is documented in +Similar, the interface to the NAT code is documented in .Xr ipnat 4 . .Sh PACKET PROCESSING FLOW -The following diagram illustrates the flow of TCP/IP packets through the +The following diagram illustrates the flow of TCP/IP packets through the various stages introduced by IP Filter. .Pp .nf |
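Review bot: The removed and added lines in the first hunk (@@ -30,7 +30,7, "keep fragment state information for any IP packet, applying the same rule") are textually identical as shown, and the same holds for all 11 changed lines, so this file's delta appears to be whitespace only. The commit message does not mention it. If the "+" side is the one carrying trailing blanks, they are worth stripping upstream, since mandoc's lint mode warns about whitespace at the end of an input line.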
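Review bot: In the hunk at @@ -57,7 +57,7, the touched list item "any of the 19 IP options or 8 registered IP security classes TOS (Type of Service) field in packets" runs two separate filter criteria together. The TOS field reads as its own criterion and looks like it has lost its ".It" line; splitting it into a second item would make the list of matchable fields unambiguous for anyone writing rules from this page.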
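Review bot: The changed lines in the hunks at @@ -97,7 +97,7 and @@ -111,7 +111,7 start a new sentence mid-line ("shells and tools. A brief description", "them into the kernel. This way the system"). mdoc sources conventionally begin each sentence on a new input line so the formatter can apply correct sentence spacing; since these lines are being touched anyway, breaking them at the full stop would be the cleaner form.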
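Review bot: In the last hunk (@@ -162,15 +162,15), the re-added line "Similar, the interface to the NAT code is documented in" keeps a grammar slip; it should read "Similarly, the interface to the NAT code is documented in". The context of the preceding hunk has a related one, "the kernels current list of active NAT rules", which wants "kernel's". Both are upstream text, so the fix belongs with the vendor source rather than as a local change on the vendor branch.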