d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mdoc(7) police: fix markup.

Browse Source
This commit is contained in:
ru 2001-10-01 14:13:36 +00:00
parent 9e260fdb3e
commit 36c43c1d1f
1 changed files with 27 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
sbin/ipfw/ipfw.8
View File

@ -23,14 +23,12 @@
.Cm flush
.Nm
.Op Fl q
.Es \&{ \&}
.En Cm zero | resetlog | delete
.Brq Cm zero | resetlog | delete
.Op Ar number ...
.Nm
.Op Fl s Op Ar field
.Op Fl adeftN
.Es \&{ \&}
.En Cm list | show
.Brq Cm list | show
.Op Ar number ...
.Nm
.Op Fl q
@ -44,8 +42,7 @@
.Ar pipe-config-options
.Nm
.Cm pipe
.Es \&{ \&}
.En Cm delete | list | show
.Brq Cm delete | list | show
.Op Ar number ...
.Nm
.Cm queue
@ -54,8 +51,7 @@
.Ar queue-config-options
.Nm
.Cm queue
.Es \&{ \&}
.En Cm delete | list | show
.Brq Cm delete | list | show
.Op Ar number ...
.Sh DESCRIPTION
.Nm
@ -71,12 +67,13 @@ Each incoming or outgoing packet is passed through the
rules.
The number of times a packet is processed by
.Nm
varies -- basically,
varies \(em basically,
.Nm
is invoked every time the kernel functions
.Em ip_input() , ip_output()
.Fn ip_input ,
.Fn ip_output
and
.Em bdg_forward()
.Fn bdg_forward
are invoked.
This means that packets are processed once for connections having
only one endpoint on the local host, twice for connections with
@ -387,9 +384,7 @@ The search terminates and the original packet is accepted
(but see section
.Sx BUGS
below).
.It Cm fwd Ar ipaddr Ns Xo
.Op , Ns Ar port
.Xc
.It Cm fwd Ar ipaddr Ns Op , Ns Ar port
Change the next-hop on matching packets to
.Ar ipaddr ,
which can be an IP address in dotted quad or a host name.
@ -531,11 +526,8 @@ With the TCP and UDP protocols, optional
may be specified as:
.Bd -ragged -offset indent
.Sm off
.Eo \&{
.Ar port |
.Ar port No \&- Ar port |
.Ar port : mask
.Ec \&} Op , Ar port Op , Ar ...
.Brq Ar port | port No \&- Ar port | port : mask
.Op , Ar port Op , Ar ...
.Sm on
.Ed
.Pp
@ -647,10 +639,12 @@ The rule has a limited lifetime (controlled by a set of
.Xr sysctl 8
variables), and the lifetime is refreshed every time a matching
packet is found.
.Pp
.It Cm limit {src-addr src-port dst-addr dst-port} N
The firewall will only allow N connections with the same
set of parameters as specified in the rule. One or more
.It Cm limit Bro Cm src-addr | src-port | dst-addr | dst-port Brc Ar N
The firewall will only allow
.Ar N
connections with the same
set of parameters as specified in the rule.
One or more
of source and destination addresses and ports can be
specified.
.It Cm bridged
@ -875,8 +869,7 @@ pipe configuration format is the following:
.Op Cm delay Ar ms-delay
.Oo
.Cm queue
.Es \&{ \&}
.En Ar slots | size
.Brq Ar slots | size
.Oc
.Op Cm plr Ar loss-probability
.Op Cm mask Ar mask-specifier
@ -884,11 +877,7 @@ pipe configuration format is the following:
.Oo
.Cm red | gred
.Sm off
.Ar w_q No / Xo
.Ar min_th No /
.Ar max_th No /
.Ar max_p
.Xc
.Ar w_q No / Ar min_th No / Ar max_th No / Ar max_p
.Sm on
.Oc
.Ed
@ -902,8 +891,7 @@ queue configuration format is the following:
.Op Cm weight Ar weight
.Oo
.Cm queue
.Es \&{ \&}
.En Ar slots | size
.Brq Ar slots | size
.Oc
.Op Cm plr Ar loss-probability
.Op Cm mask Ar mask-specifier
@ -911,11 +899,7 @@ queue configuration format is the following:
.Oo
.Cm red | gred
.Sm off
.Ar w_q No / Xo
.Ar min_th No /
.Ar max_th No /
.Ar max_p
.Xc
.Ar w_q No / Ar min_th No / Ar max_th No / Ar max_p
.Sm on
.Oc
.Ed
@ -925,11 +909,8 @@ The following parameters can be configured for a pipe:
.It Cm bw Ar bandwidth | device
Bandwidth, measured in
.Sm off
.Oo
.Cm K | M
.Oc Eo \&{
.Cm bit/s | Byte/s
.Ec \&} .
.Op Cm K | M
.Brq Cm bit/s | Byte/s .
.Sm on
.Pp
A value of 0 (default) means unlimited bandwidth.
@ -954,10 +935,7 @@ with
to reduce
the granularity to 1ms or less).
Default value is 0, meaning no delay.
.It Cm queue Xo
.Es \&{ \&}
.En Ar slots | size Ns Cm Kbytes
.Xc
.It Cm queue Brq Ar slots | size Ns Cm Kbytes
Queue size, in
.Ar slots
or
@ -1021,14 +999,7 @@ specifies the aggregate rate for the set of queues.
.It Cm weight Ar weight
Specifies the weight to be used for flows matching this queue.
The weight must be in the range 1..100, and defaults to 1.
.It Cm red | gred Xo
.Sm off
.Ar w_q No /
.Ar min_th No /
.Ar max_th No /
.Ar max_p
.Sm on
.Xc
.It Cm red | gred Ar w_q Ns / Ns Ar min_th Ns / Ns Ar max_th Ns / Ns Ar max_p
Make use of the RED queue management algorithm.
.Ar w_q
and
@ -1129,7 +1100,7 @@ A set of
variables controls the behaviour of the firewall.
These are shown below together with their default value
(but always check with the
.Nm sysctl
.Xr sysctl 8
command what value is actually in use) and meaning:
.Bl -tag -width indent
.It Em net.inet.ip.fw.debug : No 1
@ -1237,7 +1208,7 @@ you can use the following type of rules:
.Dl "ipfw add allow tcp from any to me setup limit src-addr 4"
.Pp
The former (assuming it runs on a gateway) will allow each host
on a /24 net to open at most 10 TCP connections.
on a /24 network to open at most 10 TCP connections.
The latter can be placed on a server to make sure that a single
client does not use more than 4 simultaneous connections.
.Pp