diff options
Diffstat (limited to 'contrib/ipfilter/man')
| -rw-r--r-- | contrib/ipfilter/man/ipf.4 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipf.5 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipf.8 | 14 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipfilter.5 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipfstat.8 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipftest.1 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipmon.8 | 36 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipnat.1 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/ipnat.4 | 2 | ||||
| -rw-r--r-- | contrib/ipfilter/man/mkfilters.1 | 3 |
10 files changed, 50 insertions, 17 deletions
diff --git a/contrib/ipfilter/man/ipf.4 b/contrib/ipfilter/man/ipf.4 index 6cf9f204ef89..9d835506c50b 100644 --- a/contrib/ipfilter/man/ipf.4 +++ b/contrib/ipfilter/man/ipf.4 @@ -201,4 +201,4 @@ struct filterstats { }; .fi .SH SEE ALSO -ipfstat(1), ipf(1), ipf(5) +ipfstat(8), ipf(8), ipf(5) diff --git a/contrib/ipfilter/man/ipf.5 b/contrib/ipfilter/man/ipf.5 index c202be71f6a0..1ee1584d1875 100644 --- a/contrib/ipfilter/man/ipf.5 +++ b/contrib/ipfilter/man/ipf.5 @@ -481,4 +481,4 @@ qualifies all service/port names with the protocol specified. .br /etc/hosts .SH SEE ALSO -ipf(1), ipftest(1), mkfilters(1) +ipf(8), ipftest(1), mkfilters(1), ipmon(8) diff --git a/contrib/ipfilter/man/ipf.8 b/contrib/ipfilter/man/ipf.8 index b13e2ddb2f05..11a1666e2e32 100644 --- a/contrib/ipfilter/man/ipf.8 +++ b/contrib/ipfilter/man/ipf.8 @@ -10,7 +10,7 @@ ipf \- alters packet filtering lists for IP packet input and output <block|pass|nomatch> ] [ .B \-F -<i|o|a> +<i|o|a|s|S> ] .B \-f <\fIfilename\fP> @@ -43,13 +43,21 @@ Disable the filter (if enabled). Not effective for loadable kernel versions. .B \-E Enable the filter (if disabled). Not effective for loadable kernel versions. .TP -.BR \-F \0<param> +.BR \-F \0<i|o|a> This option specifies which filter list to flush. The parameter should either be "i" (input), "o" (output) or "a" (remove all filter rules). Either a single letter or an entire word starting with the appropriate letter maybe used. This option maybe before, or after, any other with the order on the command line being that used to execute options. .TP +.BR \-F \0<s|S> +To flush entries from the state table, the \fB-F\fP option is used in +conjuction with either "s" (removes state information about any non-fully +established connections) or "S" (deletes the entire state table). Only +one of the two options may be given. A fully established connection +will show up in \fBipfstat -s\fP output as 4/4, with deviations either +way indicating it is not fully established any more. +.TP .BR \-f \0<filename> This option specifies which files \fBipf\fP should use to get input from for modifying the packet filter rule @@ -99,7 +107,7 @@ Zero global statistics held in the kernel for filtering only (this doesn't affect fragment or state statistics). .DT .SH SEE ALSO -ipfstat(1), ipftest(1), ipf(5), mkfilters(1) +ipfstat(8), ipftest(1), ipf(5), mkfilters(1) .SH DIAGNOSTICS .PP Needs to be run as root for the packet filtering lists to actually diff --git a/contrib/ipfilter/man/ipfilter.5 b/contrib/ipfilter/man/ipfilter.5 index 40175e48d8df..2826359ad16a 100644 --- a/contrib/ipfilter/man/ipfilter.5 +++ b/contrib/ipfilter/man/ipfilter.5 @@ -4,4 +4,4 @@ IP FIlter .SH DESCRIPTION .PP .SH SEE ALSO -ipf(1), ipf(1), ipf(5), ipnat(1), ipnat(5), mkfilters(1) +ipf(8), ipf(1), ipf(5), ipnat(1), ipnat(5), mkfilters(1) diff --git a/contrib/ipfilter/man/ipfstat.8 b/contrib/ipfilter/man/ipfstat.8 index c8679f1c0a21..166a114b26b6 100644 --- a/contrib/ipfilter/man/ipfstat.8 +++ b/contrib/ipfilter/man/ipfstat.8 @@ -71,6 +71,6 @@ kernel. .br /vmunix .SH SEE ALSO -ipf(1) +ipf(8) .SH BUGS none known. diff --git a/contrib/ipfilter/man/ipftest.1 b/contrib/ipfilter/man/ipftest.1 index 912b3a3542c3..e77ef96bc4be 100644 --- a/contrib/ipfilter/man/ipftest.1 +++ b/contrib/ipfilter/man/ipftest.1 @@ -121,7 +121,7 @@ Specify the filename from which to take input. Default is stdin. Specify the filename from which to read filter rules. .SH FILES .SH SEE ALSO -ipf(1), ipf(5), snoop(1m), tcpdump(8), etherfind(8c) +ipf(8), ipf(5), snoop(1m), tcpdump(8), etherfind(8c) .SH BUGS Not all of the input formats are sufficiently capable of introducing a wide enough variety of packets for them to be all useful in testing. diff --git a/contrib/ipfilter/man/ipmon.8 b/contrib/ipfilter/man/ipmon.8 index 32f4cbdfc549..a4f7fc46ea0d 100644 --- a/contrib/ipfilter/man/ipmon.8 +++ b/contrib/ipfilter/man/ipmon.8 @@ -4,7 +4,15 @@ ipmon \- monitors /dev/ipl for logged packets .SH SYNOPSIS .B ipmon [ -.B \-aFhnNsStvxX +.B \-aFhnstvxX +] [ +.B "\-o [NSI]" +] [ +.B "\-O [NSI]" +] [ +.B "\-N <device>" +] [ +.B "\-S <device>" ] [ .B "\-f <device>" ] [ @@ -27,22 +35,40 @@ Open all of the device logfiles for reading log entries from. All entries are displayed to the same output 'device' (stderr or syslog). .TP .B "\-f <device>" -specify an alternative device/file from which to read the log information. +specify an alternative device/file from which to read the log information +for normal IP Filter log records. .TP .B \-F Flush the current packet log buffer. The number of bytes flushed is displayed, even should the result be zero. .TP +.B "\-N <device>" +Set the logfile to be opened for reading NAT log records from to <device>. +.TP .B \-n IP addresses and port numbers will be mapped, where possible, back into hostnames and service names. .TP -.B \-N -Treat the logfile as being composed of NAT log records. +.B "\-N <device>" +Set the logfile to be opened for reading NAT log records from to <device>. +.TP +.B \-o +Specify which log files to actually read data from. N - NAT logfile, +S - State logfile, I - normal IP Filter logfile. The \fB-a\fP option is +equivalent to using \fB-o NSI\fP. +.TP +.B \-O +Specify which log files you do not wish to read from. This is most sensibly +used with the \fB-a\fP. Letters available as paramters to this are the same +as for \fB-o\fP. .TP .B \-s Packet information read in will be sent through syslogd rather than saved to a file. The following levels are used: +.TP +.B "\-S <device>" +Set the logfile to be opened for reading state log records from to <device>. +.TP .IP .B LOG_INFO \- packets logged using the "log" keyword as the action rather @@ -76,5 +102,5 @@ recorded data. .SH FILES /dev/ipl .SH SEE ALSO -ipf(1), ipfstat(1) +ipf(8), ipfstat(8) .SH BUGS diff --git a/contrib/ipfilter/man/ipnat.1 b/contrib/ipfilter/man/ipnat.1 index c61e03bcd359..9b29f4d21278 100644 --- a/contrib/ipfilter/man/ipnat.1 +++ b/contrib/ipfilter/man/ipnat.1 @@ -42,4 +42,4 @@ Remove matching NAT rules rather than add them to the internal lists Turn verbose mode on. Displays information relating to rule processing. .DT .SH SEE ALSO -ipfstat(1), ipftest(1), ipf(1), ipnat(5) +ipfstat(1), ipftest(8), ipf(8), ipnat(5) diff --git a/contrib/ipfilter/man/ipnat.4 b/contrib/ipfilter/man/ipnat.4 index ea789365ffd8..6af517f23db2 100644 --- a/contrib/ipfilter/man/ipnat.4 +++ b/contrib/ipfilter/man/ipnat.4 @@ -88,4 +88,4 @@ typedef struct natstat { It would be nice if there were more flexibility when adding and deleting filter rules. .SH SEE ALSO -ipfstat(1), ipf(1), ipf(4), ipnat(5) +ipfstat(8), ipf(8), ipf(4), ipnat(5) diff --git a/contrib/ipfilter/man/mkfilters.1 b/contrib/ipfilter/man/mkfilters.1 index e55054c2a99c..52c7a8f7e18f 100644 --- a/contrib/ipfilter/man/mkfilters.1 +++ b/contrib/ipfilter/man/mkfilters.1 @@ -9,5 +9,4 @@ mkfilters \- generate a minimal firewall ruleset for ipfilter use with \fBipfilter\fP by parsing the output of \fBifconfig\fP. .DT .SH SEE ALSO -ipf(1), ipf(5), ipfilter(5), ifconfig(8) - +ipf(8), ipf(5), ipfilter(5), ifconfig(8) |