CVS commit: src/usr.sbin/npf/npfctl

Sun, 01 Feb 2015 14:57:43 -0800 

Module Name:    src
Committed By:   rmind
Date:           Sun Feb  1 22:57:22 UTC 2015

Modified Files:
        src/usr.sbin/npf/npfctl: npf.conf.5

Log Message:
npf.conf(5): mention alg, include in the example, minor fix.


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/usr.sbin/npf/npfctl/npf.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.sbin/npf/npfctl/npf.conf.5
diff -u src/usr.sbin/npf/npfctl/npf.conf.5:1.43 src/usr.sbin/npf/npfctl/npf.conf.5:1.44
--- src/usr.sbin/npf/npfctl/npf.conf.5:1.43	Fri Dec 26 22:44:54 2014
+++ src/usr.sbin/npf/npfctl/npf.conf.5	Sun Feb  1 22:57:21 2015
@@ -1,6 +1,6 @@
-.\"    $NetBSD: npf.conf.5,v 1.43 2014/12/26 22:44:54 christos Exp $
+.\"    $NetBSD: npf.conf.5,v 1.44 2015/02/01 22:57:21 rmind Exp $
 .\"
-.\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009-2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This material is based upon work partially supported by The
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 26, 2014
+.Dd February 1, 2015
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -232,7 +232,8 @@ is more flexible.
 ; Syntax of a single line.  Lines can be separated by LF (\\n) or
 ; a semicolon.  Comments start with a hash (#) character.
 
-syntax		= var-def | table-def | map | group | rproc | comment
+syntax		= var-def | set-param | alg | table-def |
+		  map | group | rproc | comment
 
 ; Variable definition.  Names can be alpha-numeric, including "_" character.
 
@@ -240,8 +241,12 @@ var-name	= "$" . string
 interface	= interface-name | var-name
 var-def		= var "=" ( var-value | "{" value *[ "," value ] "}" )
 
-; Parameter setting
-set-statement	= "set" parameter value
+; Parameter setting.
+set-param	= "set" param-value
+
+; Application level gateway.  The name should be in the double quotes.
+
+alg		= "alg" alg-name
 
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
@@ -306,8 +311,8 @@ directory containing further examples
 .\" -----
 .Sh EXAMPLES
 .Bd -literal
-$ext_if = { inet4(wm0), inet6(wm0) }
-$int_if = { inet4(wm1), inet6(wm1) }
+$ext_if = { inet4(wm0) }
+$int_if = { inet4(wm1) }
 
 table <blacklist> type hash file "/etc/npf_blacklist"
 table <limited> type tree dynamic
@@ -316,6 +321,8 @@ $services_tcp = { http, https, smtp, dom
 $services_udp = { domain, ntp, 6000 }
 $localnet = { 10.1.1.0/24 }
 
+alg "icmp"
+
 # Note: if $ext_if has multiple IP address (e.g. IPv6 as well),
 # then the translation address has to be specified explicitly.
 map $ext_if dynamic 10.1.1.0/24 -> $ext_if

Reply via email to