[src/trunk]: src/usr.sbin/npf/npfctl npf.conf(5): mention alg, include in the...

[rmind <rmind%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/4c05acac41a7
branches:  trunk
changeset: 806095:4c05acac41a7
user:      rmind <rmind%NetBSD.org@localhost>
date:      Sun Feb 01 22:57:21 2015 +0000

description:
npf.conf(5): mention alg, include in the example, minor fix.

diffstat:

 usr.sbin/npf/npfctl/npf.conf.5 |  23 +++++++++++++++--------
 1 files changed, 15 insertions(+), 8 deletions(-)

diffs (66 lines):

diff -r a71feab8a95a -r 4c05acac41a7 usr.sbin/npf/npfctl/npf.conf.5
--- a/usr.sbin/npf/npfctl/npf.conf.5    Sun Feb 01 22:41:22 2015 +0000
+++ b/usr.sbin/npf/npfctl/npf.conf.5    Sun Feb 01 22:57:21 2015 +0000
@@ -1,6 +1,6 @@
-.\"    $NetBSD: npf.conf.5,v 1.43 2014/12/26 22:44:54 christos Exp $
+.\"    $NetBSD: npf.conf.5,v 1.44 2015/02/01 22:57:21 rmind Exp $
 .\"
-.\" Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009-2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This material is based upon work partially supported by The
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 26, 2014
+.Dd February 1, 2015
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -232,7 +232,8 @@
 ; Syntax of a single line.  Lines can be separated by LF (\\n) or
 ; a semicolon.  Comments start with a hash (#) character.
 
-syntax         = var-def | table-def | map | group | rproc | comment
+syntax         = var-def | set-param | alg | table-def |
+                 map | group | rproc | comment
 
 ; Variable definition.  Names can be alpha-numeric, including "_" character.
 
@@ -240,8 +241,12 @@
 interface      = interface-name | var-name
 var-def                = var "=" ( var-value | "{" value *[ "," value ] "}" )
 
-; Parameter setting
-set-statement  = "set" parameter value
+; Parameter setting.
+set-param      = "set" param-value
+
+; Application level gateway.  The name should be in the double quotes.
+
+alg            = "alg" alg-name
 
 ; Table definition.  Table ID shall be numeric.  Path is in the double quotes.
 
@@ -306,8 +311,8 @@
 .\" -----
 .Sh EXAMPLES
 .Bd -literal
-$ext_if = { inet4(wm0), inet6(wm0) }
-$int_if = { inet4(wm1), inet6(wm1) }
+$ext_if = { inet4(wm0) }
+$int_if = { inet4(wm1) }
 
 table <blacklist> type hash file "/etc/npf_blacklist"
 table <limited> type tree dynamic
@@ -316,6 +321,8 @@
 $services_udp = { domain, ntp, 6000 }
 $localnet = { 10.1.1.0/24 }
 
+alg "icmp"
+
 # Note: if $ext_if has multiple IP address (e.g. IPv6 as well),
 # then the translation address has to be specified explicitly.
 map $ext_if dynamic 10.1.1.0/24 -> $ext_if