
[src/trunk]: src/usr.sbin/npf/npfctl update.



details:   https://anonhg.NetBSD.org/src/rev/9d3de911bc48
branches:  trunk
changeset: 772569:9d3de911bc48
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Jan 08 22:14:55 2012 +0000

description:
update.

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5 |  34 +++++++++++++++++-----------------
 1 files changed, 17 insertions(+), 17 deletions(-)

diffs (86 lines):

diff -r dbabed10ac90 -r 9d3de911bc48 usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Sun Jan 08 21:34:21 2012 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Sun Jan 08 22:14:55 2012 +0000
@@ -1,6 +1,6 @@
-.\"    $NetBSD: npf.conf.5,v 1.6 2011/11/29 01:12:09 riz Exp $
+.\"    $NetBSD: npf.conf.5,v 1.7 2012/01/08 22:14:55 christos Exp $
 .\"
-.\" Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This material is based upon work partially supported by The
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 22, 2011
+.Dd January 6, 2012
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -141,7 +141,7 @@
 
 rproc          = "procedure" \*[Lt]name\*[Gt] procs
 procs          = "{" op1 \*[Lt]newline\*[Gt], op2 \*[Lt]newline\*[Gt], ... "}"
-op             = ( "log" iface | "normalize" "(" norm-opt1 "," norm-opt2 ... ")" )
+op             = ( "log" iface | "normalise" "(" norm-opt1 "," norm-opt2 ... ")" )
 norm-opt       = [ "random-id" | "min-ttl" \*[Lt]num\*[Gt] | "max-mss" \*[Lt]num\*[Gt] | "no-df" ]
 
 group          = "group" "(" ( "default" | group-opts ) ")" ruleset
@@ -155,9 +155,9 @@
                  [ "keep state" ] [ "apply" rproc }
 
 block-opts     = [ "return-rst" | "return-icmp" | "return" ]
-filt-opts      = [ "from" ( iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt] ) port-opts ]
-                 [ "to" ( iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt] ) port-opts ]
-port-opts      = [ "port" ( \*[Lt]port-num\*[Gt] | \*[Lt]port-from\*[Gt] ":" \*[Lt]port-to\*[Gt] | def ) ]
+filt-addr      = iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt]
+port-opts      = [ "port" ( \*[Lt]port-num\*[Gt] | \*[Lt]port-from\*[Gt] "-" \*[Lt]port-to\*[Gt] | def ) ]
+filt-opts      = [ "from" filt-addr [ port-opts ] ] [ "to" filt-addr [ port-opts ] ]
 proto-opts     = [ "flags" \*[Lt]tcp_flags\*[Gt] | "icmp-type" \*[Lt]type\*[Gt] "code" \*[Lt]code\*[Gt] ]
 .Ed
 .\" -----
@@ -171,23 +171,23 @@
 .\" -----
 .Sh EXAMPLES
 .Bd -literal
-ext_if = "wm0"
-int_if = "wm1"
+$ext_if = "wm0"
+$int_if = "wm1"
 
-services_tcp = "{ http, https, smtp, domain, 6000 }"
-services_udp = "{ domain, ntp, 6000 }"
+$services_tcp = { http, https, smtp, domain, 6000 }
+$services_udp = { domain, ntp, 6000 }
 
-table "1" type hash file "/etc/npf_blacklist"
-table "2" type tree dynamic
+table <1> type hash file "/etc/npf_blacklist"
+table <2> type tree dynamic
 
 nat $ext_if from 192.168.0.0/24 to any -> $ext_if
 
 procedure "log" {
-       log npflog0
+       log: npflog0
 }
 
 procedure "rid" {
-       normalize (random-id)
+       normalise: "random-id"
 }
 
 group (name "external", interface $ext_if) {
@@ -197,8 +197,8 @@
        pass in quick inet proto tcp to $ext_if port ssh apply "log"
        pass in quick proto tcp to $ext_if port $services_tcp
        pass in quick proto udp to $ext_if port $services_udp
-       pass in quick proto tcp to $ext_if port 49151:65535     # Passive FTP
-       pass in quick proto udp to $ext_if port 33434:33600     # Traceroute
+       pass in quick proto tcp to $ext_if port 49151-65535     # Passive FTP
+       pass in quick proto udp to $ext_if port 33434-33600     # Traceroute
 }
 
 group (name "internal", interface $int_if) {


