Source-Changes-HG archive

[src/trunk]: src/dist/pf/share/man/man4 Improve the pfsync(4) man page



details:   https://anonhg.NetBSD.org/src/rev/bf0de7972534
branches:  trunk
changeset: 747420:bf0de7972534
user:      degroote <degroote%NetBSD.org@localhost>
date:      Mon Sep 14 11:45:01 2009 +0000

description:
Improve the pfsync(4) man page

hostname.if(5) is ifconfig.if(5) on NetBSD
Don't speak about enc, as we don't support it at the moment
Make clear that we don't support ipsec protection of pfsync traffic (as long as we
don't support enc, or a similar thing)

Caught by wiz@

diffstat:

 dist/pf/share/man/man4/pfsync.4 |  43 +++++++++++++++++++++-------------------
 1 files changed, 23 insertions(+), 20 deletions(-)

diffs (107 lines):

diff -r b32bb26e9960 -r bf0de7972534 dist/pf/share/man/man4/pfsync.4
--- a/dist/pf/share/man/man4/pfsync.4   Mon Sep 14 11:38:29 2009 +0000
+++ b/dist/pf/share/man/man4/pfsync.4   Mon Sep 14 11:45:01 2009 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: pfsync.4,v 1.2 2009/09/14 11:17:42 wiz Exp $
+.\"    $NetBSD: pfsync.4,v 1.3 2009/09/14 11:45:01 degroote Exp $
 .\"    $OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\"
 .\" Copyright (c) 2002 Michael Shalayeff
@@ -108,16 +108,16 @@
 used is 224.0.0.240.
 When a peer address is specified using the
 .Ic syncpeer
-keyword, the peer address is used as a destination for the pfsync traffic,
-and the traffic can then be protected using
-.Xr ipsec 4 .
-In such a configuration, the syncdev should be set to the
-.Xr enc 4
-interface, as this is where the traffic arrives when it is decapsulated,
-e.g.:
-.Bd -literal -offset indent
-# ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0
-.Ed
+keyword, the peer address is used as a destination for the pfsync traffic.
+.\"and the traffic can then be protected using
+.\".Xr ipsec 4 .
+.\"In such a configuration, the syncdev should be set to the
+.\".Xr enc 4
+.\"interface, as this is where the traffic arrives when it is decapsulated,
+.\"e.g.:
+.\".Bd -literal -offset indent
+.\"# ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0
+.\".Ed
 .Pp
 It is important that the pfsync traffic be well secured
 as there is no authentication on the protocol and it would
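Review bot: the ten lines disabled with `.\"`, from "and the traffic can then be protected" through `.Ed`, carry no explanation of why they are commented out. Add a one-line roff comment above them saying the text is disabled until an enc(4) equivalent exists, so whoever adds that support knows to restore the block. The first disabled line starts mid-sentence, so the comma that was replaced by a full stop after "pfsync traffic" will need to come back at the same time.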
@@ -125,7 +125,9 @@
 Either run the pfsync protocol on a trusted network \- ideally  a network
 dedicated to pfsync messages such as a crossover cable between two firewalls,
 or specify a peer address and protect the traffic with
-.Xr ipsec 4 .
+.Xr ipsec 4 (it is not supported at the moment on
+.Nx
+due to the lack of any encapsulation pseudo-device).
 .Pp
 There is a one-to-one correspondence between packets seen by
 .Xr bpf 4
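Review bot: in the sentence ending at `.Xr ipsec 4`, the added parenthetical leaves the paragraph recommending a protection that the same sentence says is unavailable. Because the surrounding text states that the protocol has no authentication, say outright that on NetBSD the trusted or dedicated network is the only option for now, instead of leaving ipsec as an apparent alternative. As a style point, put the parenthetical on its own text line rather than after the section number on the `.Xr` line.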
@@ -161,32 +163,32 @@
 The interfaces are configured as follows (firewall A unless otherwise
 indicated):
 .Pp
-.Pa /etc/hostname.sis0 :
+.Pa /etc/ifconfig.sis0 :
 .Bd -literal -offset indent
 inet 10.0.0.254 255.255.255.0 NONE
 .Ed
 .Pp
-.Pa /etc/hostname.sis1 :
+.Pa /etc/ifconfig.sis1 :
 .Bd -literal -offset indent
 inet 192.168.0.254 255.255.255.0 NONE
 .Ed
 .Pp
-.Pa /etc/hostname.sis2 :
+.Pa /etc/ifconfig.sis2 :
 .Bd -literal -offset indent
 inet 192.168.254.254 255.255.255.0 NONE
 .Ed
 .Pp
-.Pa /etc/hostname.carp0 :
+.Pa /etc/ifconfig.carp0 :
 .Bd -literal -offset indent
 inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass foo
 .Ed
 .Pp
-.Pa /etc/hostname.carp1 :
+.Pa /etc/ifconfig.carp1 :
 .Bd -literal -offset indent
 inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 pass bar
 .Ed
 .Pp
-.Pa /etc/hostname.pfsync0 :
+.Pa /etc/ifconfig.pfsync0 :
 .Bd -literal -offset indent
 up syncdev sis2
 .Ed
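Review bot: only the `.Pa` file names change in this hunk; the file contents in the literal blocks (for example `inet 10.0.0.254 255.255.255.0 NONE` and `up syncdev sis2`) are left exactly as they were under the hostname.if(5) names. Please confirm these lines are valid as written for ifconfig.if(5), and adjust the examples in the same change if they are not, since readers will copy them verbatim into a firewall configuration.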
@@ -212,7 +214,7 @@
 interfaces should be set to something higher than
 the primary's.
 For example, if firewall B is the backup, its
-.Pa /etc/hostname.carp1
+.Pa /etc/ifconfig.carp1
 would look like this:
 .Bd -literal -offset indent
 inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 pass bar \e
@@ -232,9 +234,10 @@
 .Xr ipsec 4 ,
 .Xr netintro 4 ,
 .Xr pf 4 ,
-.Xr hostname.if 5 ,
+.Xr ifconfig.if 5 ,
 .Xr pf.conf 5 ,
 .Xr protocols 5 ,
+.\" enc 8,
 .Xr ifconfig 8 ,
 .Xr tcpdump 8
 .Sh HISTORY
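Review bot: the placeholder `.\" enc 8,` does not match the reference disabled earlier in this patch, which is `.Xr enc 4`, and it sits among the section 8 entries. Write it as `.\" .Xr enc 4 ,` and place it with the other section 4 entries so that uncommenting it later gives a correct, correctly ordered SEE ALSO line.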
