hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2025-01-11 17:04:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Minor mdoc/style fixes.

Browse Source
This commit is contained in:
Mike Pritchard 1996-12-23 02:03:15 +00:00
parent 2c966b7fdc
commit bc41bb3f92
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=20837
2 changed files with 42 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sbin/i386/ft/ft.8
View File

@ -50,7 +50,9 @@ and has nothing to do with the QIC standards.
.Pp .Pp
.Nm ft .Nm ft
is used primarily as a filter for tape i/o. is used primarily as a filter for tape i/o.
For example, to save and compress the /usr directory to tape: For example, to save and compress the
.Pa /usr
directory to tape:
.Bd -literal -offset indent .Bd -literal -offset indent
% tar cvzf - /usr | ft "/usr save" % tar cvzf - /usr | ft "/usr save"
.Ed .Ed

87
sbin/ipfw/ipfw.8
View File

@ -11,38 +11,28 @@
flush flush
.Nm ipfw .Nm ipfw
zero zero
.Oo .Op Ar number
.Ar number
.Oc
.Nm ipfw .Nm ipfw
delete delete
.Ar number .Ar number
.Nm ipfw .Nm ipfw
.Oo .Op Fl aftN
.Fl aftN
.Oc
list list
.Nm ipfw .Nm ipfw
add add
.Oo .Op Ar number
.Ar number
.Oc
.Ar action .Ar action
.Oo .Op Ar log
log
.Oc
.Ar proto .Ar proto
from from
.Ar src .Ar src
to to
.Ar dst .Ar dst
.Oo .Oo
via via
.Ar name|ipno .Ar name | ipno
.Oc
.Oo
.Ar options
.Oc .Oc
.Op Ar options
.Sh DESCRIPTION .Sh DESCRIPTION
If used as shown in the first synopsis line, the If used as shown in the first synopsis line, the
.Ar file .Ar file
@ -83,7 +73,7 @@ One rule is always present:
.Bd -literal -offset center .Bd -literal -offset center
65535 deny all from any to any 65535 deny all from any to any
.Ed .Ed
.Pp
This rule is the default policy, i.e., don't allow anything at all. This rule is the default policy, i.e., don't allow anything at all.
Your job in setting up rules is to modify this policy to match your needs. Your job in setting up rules is to modify this policy to match your needs.
.Pp .Pp
@ -105,33 +95,33 @@ Try to resolve addresses and service names in output.
.Pp .Pp
.Ar action : .Ar action :
.Bl -hang -offset flag -width 1234567890123456 .Bl -hang -offset flag -width 1234567890123456
.It Nm allow .It Ar allow
Allow packets that match rule. Allow packets that match rule.
The search terminates. The search terminates.
.It Nm pass .It Ar pass
Same as allow. Same as allow.
.It Nm accept .It Ar accept
Same as allow. Same as allow.
.It Nm count .It Ar count
Update counters for all packets that match rule. Update counters for all packets that match rule.
The search continues with the next rule. The search continues with the next rule.
.It Nm deny .It Ar deny
Discard packets that match this rule. Discard packets that match this rule.
The search terminates. The search terminates.
.It Nm reject .It Ar reject
Discard packets that match this rule, and try to send an ICMP notice. Discard packets that match this rule, and try to send an ICMP notice.
The search terminates. The search terminates.
.It Nm divert port .It Ar divert port
Divert packets that match this rule to the divert socket bound to port Divert packets that match this rule to the divert socket bound to port
.Ar port . .Ar port .
The search terminates. The search terminates.
.El .El
.Pp .Pp
When a packet matches a rule with the When a packet matches a rule with the
.Nm log .Ar log
keyword, a message will be printed on the console. keyword, a message will be printed on the console.
If the kernel was compiled with the If the kernel was compiled with the
.Nm IP_FIREWALL_VERBOSE_LIMIT .Dv IP_FIREWALL_VERBOSE_LIMIT
option, then logging will cease after the number of packets option, then logging will cease after the number of packets
specified by the option are received for that particular specified by the option are received for that particular
chain entry. Logging may then be re-enabled by clearing chain entry. Logging may then be re-enabled by clearing
@ -139,17 +129,17 @@ the packet counter for that entry.
.Pp .Pp
.Ar proto : .Ar proto :
.Bl -hang -offset flag -width 1234567890123456 .Bl -hang -offset flag -width 1234567890123456
.It Nm ip .It Ar ip
All packets match. All packets match.
.It Nm all .It Ar all
All packets match. All packets match.
.It Nm tcp .It Ar tcp
Only TCP packets match. Only TCP packets match.
.It Nm udp .It Ar udp
Only UDP packets match. Only UDP packets match.
.It Nm icmp .It Ar icmp
Only ICMP packets match. Only ICMP packets match.
.It Nm <number|name> .It Ar <number|name>
Only packets for the specified protocol matches (see Only packets for the specified protocol matches (see
.Pa /etc/protocols .Pa /etc/protocols
for a complete list). for a complete list).
@ -193,8 +183,9 @@ Service names (from
may not be used instead of a numeric port value. may not be used instead of a numeric port value.
Also, note that a range may only be specified as the first value, Also, note that a range may only be specified as the first value,
and the port list is limited to and the port list is limited to
.Nm IP_FW_MAX_PORTS .Dv IP_FW_MAX_PORTS
(as defined in /usr/src/sys/netinet/ip_fw.h) (as defined in
.Pa /usr/src/sys/netinet/ip_fw.h )
ports. ports.
.Pp .Pp
If ``via'' If ``via''
@ -225,13 +216,13 @@ Matches if the IP header contains the comma separated list of
options specified in options specified in
.Ar spec . .Ar spec .
The supported IP options are: The supported IP options are:
.Nm ssrr .Ar ssrr
(strict source route), (strict source route),
.Nm lsrr .Ar lsrr
(loose source route), (loose source route),
.Nm rr .Ar rr
(record packet route), and (record packet route), and
.Nm ts .Ar ts
(timestamp). (timestamp).
The absence of a particular option may be denoted The absence of a particular option may be denoted
with a ``!''. with a ``!''.
@ -246,13 +237,13 @@ Matches if the TCP header contains the comma separated list of
flags specified in flags specified in
.Ar spec . .Ar spec .
The supported TCP flags are: The supported TCP flags are:
.Nm fin , .Ar fin ,
.Nm syn , .Ar syn ,
.Nm rst , .Ar rst ,
.Nm psh , .Ar psh ,
.Nm ack , .Ar ack ,
and and
.Nm urg . .Ar urg .
The absence of a particular flag may be denoted The absence of a particular flag may be denoted
with a ``!''. with a ``!''.
.It icmptypes Ar types .It icmptypes Ar types
@ -264,7 +255,7 @@ or individual types separated by commas.
.Sh CHECKLIST .Sh CHECKLIST
Here are some important points to consider when designing your Here are some important points to consider when designing your
rules: rules:
.Bl -bullet -hang -offset flag -width 1234567890123456 .Bl -bullet -hang -offset flag
.It .It
Remember that you filter both packets going in and out. Remember that you filter both packets going in and out.
Most connections need packets going in both directions. Most connections need packets going in both directions.
@ -288,12 +279,12 @@ I recommend this command line:
modload /lkm/ipfw_mod.o && \e modload /lkm/ipfw_mod.o && \e
ipfw add 32000 allow all from any to any ipfw add 32000 allow all from any to any
.Ed .Ed
.Pp
Along the same lines, doing an Along the same lines, doing an
.Bd -literal -offset center .Bd -literal -offset center
ipfw flush ipfw flush
.Ed .Ed
.Pp
in similar surroundings is also a bad idea. in similar surroundings is also a bad idea.
.Sh PACKET DIVERSION .Sh PACKET DIVERSION
A divert socket bound to the specified port will receive all packets diverted A divert socket bound to the specified port will receive all packets diverted