d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Manpage cleanup, move $Id$ to #ifndef lint, remove unused includes,

Browse Source 
grammatical fixes.

Submitted by:	Philippe Charnier
This commit is contained in:
Kris Kennaway 1999-05-29 08:12:38 +00:00
parent 6deb5a62cc
commit 39aa78dd44
2 changed files with 27 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
sbin/ipfw/ipfw.8
View File

@ -1,5 +1,5 @@
.\" .\"
.\" $Id: ipfw.8,v 1.50 1999/04/28 02:49:29 ghelmer Exp $ .\" $Id: ipfw.8,v 1.51 1999/04/29 19:14:17 ghelmer Exp $
.\" .\"
.Dd July 20, 1996 .Dd July 20, 1996
.Dt IPFW 8 SMM .Dt IPFW 8 SMM
@ -15,7 +15,7 @@
.Op Fl D Ar macro Ns Op Ns =value .Op Fl D Ar macro Ns Op Ns =value
.Op Fl U Ar macro .Op Fl U Ar macro
.Oc .Oc
file .Ar file
.Nm ipfw .Nm ipfw
.Oo .Oo
.Fl f .Fl f
@ -254,7 +254,7 @@ activated in particular circumstances, such as if you use the firewall
system as an on-demand denial-of-service filter that is normally wide open. system as an on-demand denial-of-service filter that is normally wide open.
.Pp .Pp
The following options are available: The following options are available:
.Bl -tag -width flag .Bl -tag -width indent
.It Fl a .It Fl a
While listing, show counter values. See also While listing, show counter values. See also
.Dq show .Dq show
@ -265,7 +265,8 @@ Don't ask for confirmation for commands that can cause problems if misused
.Ar Note , .Ar Note ,
if there is no tty associated with the process, this is implied. if there is no tty associated with the process, this is implied.
.It Fl q .It Fl q
While adding, zeroing or flushing, be quiet about actions (implies '-f'). While adding, zeroing or flushing, be quiet about actions (implies
.Fl f Ns ).
This is useful for adjusting rules by executing multiple This is useful for adjusting rules by executing multiple
.Nm .Nm
commands in a script commands in a script
@ -352,7 +353,7 @@ Send a copy of packets matching this rule to the
.Xr divert 4 .Xr divert 4
socket bound to port socket bound to port
.Ar port . .Ar port .
The search continues with the next rule. This feature is not yet implemeted. The search continues with the next rule. This feature is not yet implemented.
.It Ar fwd ipaddr Op ,port .It Ar fwd ipaddr Op ,port
Change the next-hop on matching packets to Change the next-hop on matching packets to
.Ar ipaddr , .Ar ipaddr ,
@ -376,7 +377,7 @@ also map addresses to local ports when packets are generated locally.
The search terminates if this rule matches. If the port number is not The search terminates if this rule matches. If the port number is not
given then the port number in the packet is used, so that a packet for given then the port number in the packet is used, so that a packet for
an external machine port Y would be forwarded to local port Y. The kernel an external machine port Y would be forwarded to local port Y. The kernel
must have been compiled with optiions IPFIREWALL_FORWARD. must have been compiled with options IPFIREWALL_FORWARD.
.It Ar skipto number .It Ar skipto number
Skip all subsequent rules numbered less than Skip all subsequent rules numbered less than
.Ar number . .Ar number .
@ -529,7 +530,7 @@ interface can only be tested on outgoing packets. So
.Ar out .Ar out
is required (and is required (and
.Ar in .Ar in
invalid) whenver invalid) whenever
.Ar xmit .Ar xmit
is used. Specifying is used. Specifying
.Ar via .Ar via
@ -547,18 +548,18 @@ Additional
.Ar options : .Ar options :
.Bl -hang -offset flag -width 1234567890123456 .Bl -hang -offset flag -width 1234567890123456
.It frag .It frag
Matches if the packet is a fragment and this is not the first fragment Match if the packet is a fragment and this is not the first fragment
of the datagram. of the datagram.
.Ar frag .Ar frag
may not be used in conjunction with either may not be used in conjunction with either
.Ar tcpflags .Ar tcpflags
or TCP/UDP port specifications. or TCP/UDP port specifications.
.It in .It in
Matches if this packet was on the way in. Match if this packet was on the way in.
.It out .It out
Matches if this packet was on the way out. Match if this packet was on the way out.
.It ipoptions Ar spec .It ipoptions Ar spec
Matches if the IP header contains the comma separated list of Match if the IP header contains the comma separated list of
options specified in options specified in
.Ar spec . .Ar spec .
The supported IP options are: The supported IP options are:
@ -574,13 +575,13 @@ The absence of a particular option may be denoted
with a with a
.Dq ! . .Dq ! .
.It established .It established
Matches packets that have the RST or ACK bits set. Match packets that have the RST or ACK bits set.
TCP packets only. TCP packets only.
.It setup .It setup
Matches packets that have the SYN bit set but no ACK bit. Match packets that have the SYN bit set but no ACK bit.
TCP packets only. TCP packets only.
.It tcpflags Ar spec .It tcpflags Ar spec
Matches if the TCP header contains the comma separated list of Match if the TCP header contains the comma separated list of
flags specified in flags specified in
.Ar spec . .Ar spec .
The supported TCP flags are: The supported TCP flags are:
@ -601,7 +602,7 @@ a non-zero offset. See the
.Ar frag .Ar frag
option for details on matching fragmented packets. option for details on matching fragmented packets.
.It icmptypes Ar types .It icmptypes Ar types
Matches if the ICMP type is in the list Match if the ICMP type is in the list
.Ar types . .Ar types .
The list may be specified as any combination of ranges The list may be specified as any combination of ranges
or individual types separated by commas. or individual types separated by commas.
@ -728,6 +729,6 @@ API based upon code written by
.An Daniel Boulet .An Daniel Boulet
for BSDI. for BSDI.
.Sh HISTORY .Sh HISTORY
.Nm .Nm Ipfw
first appeared in first appeared in
.Fx 2.0 . .Fx 2.0 .

19
sbin/ipfw/ipfw.c
View File

@ -16,12 +16,15 @@
* *
* NEW command line interface for IP firewall facility * NEW command line interface for IP firewall facility
* *
* $Id: ipfw.c,v 1.65 1999/01/22 01:46:32 archie Exp $
*
*/ */
#ifndef lint
static const char rcsid[] =
"$Id$";
#endif /* not lint */
#include <sys/types.h> #include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/sockio.h> #include <sys/sockio.h>
#include <sys/time.h> #include <sys/time.h>
@ -37,14 +40,12 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdarg.h> #include <stdarg.h>
#include <string.h> #include <string.h>
#include <sysexits.h>
#include <time.h>
#include <unistd.h> #include <unistd.h>
#include <sysexits.h>
#include <net/if.h> #include <net/if.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/in_systm.h> #include <netinet/in_systm.h>
#include <netinet/ip_var.h>
#include <netinet/ip.h> #include <netinet/ip.h>
#include <netinet/ip_icmp.h> #include <netinet/ip_icmp.h>
#include <netinet/ip_fw.h> #include <netinet/ip_fw.h>
@ -183,7 +184,7 @@ show_ipfw(struct ip_fw *chain, int pcwidth, int bcwidth)
int ndp = IP_FW_GETNDSTP(chain); int ndp = IP_FW_GETNDSTP(chain);
if (do_resolv) if (do_resolv)
setservent(1/*stayopen*/); setservent(1/*stay open*/);
printf("%05u ", chain->fw_number); printf("%05u ", chain->fw_number);
@ -1406,7 +1407,7 @@ ipfw_main(ac,av)
ac -= optind; ac -= optind;
if (*(av+=optind)==NULL) { if (*(av+=optind)==NULL) {
show_usage("Bad arguments"); show_usage("bad arguments");
} }
if (!strncmp(*av, "pipe", strlen(*av))) { if (!strncmp(*av, "pipe", strlen(*av))) {
@ -1468,7 +1469,7 @@ ipfw_main(ac,av)
do_acct++; do_acct++;
list(--ac,++av); list(--ac,++av);
} else { } else {
show_usage("Bad arguments"); show_usage("bad arguments");
} }
return 0; return 0;
} }