-\" $OpenBSD: pfsync.4,v 1.24 2006/10/23 07:05:49 jmc Exp $
+.\" $OpenBSD: pfsync.4,v 1.24 2006/10/23 07:05:49 jmc Exp $
.\"
.\" Copyright (c) 2002 Michael Shalayeff
.\" Copyright (c) 2003-2004 Ryan McBride
net.inet.carp.preempt=1
.Ed
.Sh SEE ALSO
+.Xr tcpdump 1 ,
.Xr bpf 4 ,
.Xr carp 4 ,
.Xr inet 4 ,
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr protocols 5 ,
-.Xr ifconfig 8 ,
-.Xr ifstated 8 ,
-.Xr tcpdump 1
+.Xr ifconfig 8
+.\".Xr ifstated 8 ,
.Sh HISTORY
The
.Nm
.Nm ftp-proxy
.Nd Internet File Transfer Protocol proxy daemon
.Sh SYNOPSIS
-.Nm ftp-proxy
+.Nm
.Op Fl 6Adrv
.Op Fl a Ar address
.Op Fl b Ar address
Assuming the FTP control connection is from $client to $server, the
proxy connected to the server using the $proxy source address, and
$port is negotiated, then
-.Nm ftp-proxy
+.Nm
adds the following rules to the various anchors.
(These example rules use inet, but the proxy also supports inet6.)
.Pp
.Sh CAVEATS
.Xr pf 4
does not allow the ruleset to be modified if the system is running at a
-.Xr securelevel 7
+securelevel
+.\".Xr securelevel 7
higher than 1.
At that level
-.Nm ftp-proxy
+.Nm
cannot add rules to the anchors and FTP data connections may get blocked.
.Pp
Negotiated data connection ports below 1024 are not allowed.
reasons.
This makes third party file transfers impossible.
.Pp
-.Nm ftp-proxy
+.Nm
chroots to "/var/empty" and changes to user "proxy" to drop privileges.
.Nm pfctl
.Nd "control the packet filter (PF) and network address translation (NAT) device"
.Sh SYNOPSIS
-.Nm pfctl
+.Nm
.Bk -words
.Op Fl AdeghmNnOqRrvz
.Op Fl a Ar anchor
is set to
.Dv YES
in
-.Xr rc.conf.local 8 ,
+.Xr rc.conf 5 ,
the rule file specified with the variable
.Va pf_rules
is loaded automatically by the
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr pf.os 5 ,
+.Xr rc.conf 5 ,
.Xr sysctl.conf 5 ,
.Xr authpf 8 ,
.Xr ftp-proxy 8 ,
.Xr rc 8 ,
-.Xr rc.conf 8 ,
.Xr sysctl 8
.Sh HISTORY
The
projects / dragonfly.git / commitdiff