Module Name: src
Committed By: jruoho
Date: Tue Mar 22 07:40:10 UTC 2011
Modified Files:
src/usr.sbin/npf/npfctl: npfctl.8
Log Message:
Use 'offset indent' for the list of commands. Emphasize valid commands.
Remove PERFORMANCE (too small paragraph to warrant a section).
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/usr.sbin/npf/npfctl/npfctl.8
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/usr.sbin/npf/npfctl/npfctl.8
diff -u src/usr.sbin/npf/npfctl/npfctl.8:1.4 src/usr.sbin/npf/npfctl/npfctl.8:1.5
--- src/usr.sbin/npf/npfctl/npfctl.8:1.4 Tue Jan 18 20:33:45 2011
+++ src/usr.sbin/npf/npfctl/npfctl.8 Tue Mar 22 07:40:10 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: npfctl.8,v 1.4 2011/01/18 20:33:45 rmind Exp $
+.\" $NetBSD: npfctl.8,v 1.5 2011/03/22 07:40:10 jruoho Exp $
.\"
.\" Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -27,7 +27,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 18, 2011
+.Dd March 22, 2011
.Dt NPFCTL 8
.Os
.Sh NAME
@@ -49,16 +49,16 @@
.Ar command ,
specifies the action to take.
Valid commands are:
-.Bl -tag -width reload
-.It start
+.Bl -tag -width reload -offset 3n
+.It Ic start
Enable packet inspection using the currently loaded configuration, if any.
Note that this command does not load or reload the configuration,
or affect existing sessions.
-.It stop
+.It Ic stop
Disable packet inspection.
This command does not change the currently loaded configuration,
or affect existing sessions.
-.It reload Op Ar path
+.It Ic reload Op Ar path
Load or reload configuration from file.
The configuration file at
.Pa /etc/npf.conf
@@ -70,46 +70,45 @@
Note that change of filter criteria will not expire associated sessions.
The reload operation (i.e., replacing the ruleset, NAT policies and tables)
is atomic.
-.It flush
+.It Ic flush
Flush configuration.
That is, remove all rules, tables and expire all sessions.
This command does not disable packet inspection.
-.It table Ar tid
+.It Ic table Ar tid
List all entries in the currently loaded table specified by
.Ar tid .
Fail if
.Ar tid
does not exist.
-.It table Ar tid Aq Ar addr/mask
+.It Ic table Ar tid Aq Ar addr/mask
Query the table
.Ar tid
for a specific IPv4 CIDR, specified by
.Ar addr/mask .
If no mask is specified, a single host is assumed.
-.It table Ar tid Ar [ add | rem ] Aq Ar addr/mask
+.It Ic table Ar tid Ar [ add | rem ] Aq Ar addr/mask
In table
.Ar tid ,
add or remove the IPv4 CIDR specified by
.Aq Ar addr/mask .
-.It sess-save
+.It Ic sess-save
Save all active sessions.
The data will be stored in the
.Pa /var/db/npf_sessions.db
file.
Administrator may want to stop the packet inspection before the
session saving.
-.It sess-load
+.It Ic sess-load
Load saved sessions from the file.
Note that original configuration should be loaded before the session loading.
In a case of NAT policy changes, sessions which lose an associated policy
will not be loaded.
Any existing sessions during the load operation will be expired.
Administrator may want to start packet inspection after the session loading.
-.It stats
+.It Ic stats
Print various statistics.
.El
-.\" -----
-.Sh PERFORMANCE
+.Pp
Reloading the configuration is a relatively expensive operation.
Therefore, frequent reloads should be avoided.
Use of tables should be considered as an alternative design.
