From b31f0f400d2faae486a8b75ede3dd7164f3568cb Mon Sep 17 00:00:00 2001 From: Sascha Wildner Date: Tue, 10 Aug 2010 21:22:05 +0200 Subject: [PATCH] Some cleanup in the pf manual pages. --- share/man/man4/pflog.4 | 2 +- share/man/man4/pfsync.4 | 8 ++++---- usr.sbin/ftp-proxy/ftp-proxy.8 | 11 ++++++----- usr.sbin/pfctl/pfctl.8 | 6 +++--- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/share/man/man4/pflog.4 b/share/man/man4/pflog.4 index 1895768..fd64936 100644 --- a/share/man/man4/pflog.4 +++ b/share/man/man4/pflog.4 @@ -94,7 +94,7 @@ and monitor all packets logged on it: .Xr netintro 4 , .Xr pf 4 , .Xr ifconfig 8 , -.Xr pflogd 8, +.Xr pflogd 8 , .Xr tcpdump 1 .Sh HISTORY The diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index 358ba74..f85eee2 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -1,4 +1,4 @@ -\" $OpenBSD: pfsync.4,v 1.24 2006/10/23 07:05:49 jmc Exp $ +.\" $OpenBSD: pfsync.4,v 1.24 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 2002 Michael Shalayeff .\" Copyright (c) 2003-2004 Ryan McBride @@ -211,6 +211,7 @@ The following must also be added to net.inet.carp.preempt=1 .Ed .Sh SEE ALSO +.Xr tcpdump 1 , .Xr bpf 4 , .Xr carp 4 , .Xr inet 4 , @@ -220,9 +221,8 @@ net.inet.carp.preempt=1 .Xr pf 4 , .Xr pf.conf 5 , .Xr protocols 5 , -.Xr ifconfig 8 , -.Xr ifstated 8 , -.Xr tcpdump 1 +.Xr ifconfig 8 +.\".Xr ifstated 8 , .Sh HISTORY The .Nm diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8 index 44e6e59..03f65bc 100644 --- a/usr.sbin/ftp-proxy/ftp-proxy.8 +++ b/usr.sbin/ftp-proxy/ftp-proxy.8 @@ -21,7 +21,7 @@ .Nm ftp-proxy .Nd Internet File Transfer Protocol proxy daemon .Sh SYNOPSIS -.Nm ftp-proxy +.Nm .Op Fl 6Adrv .Op Fl a Ar address .Op Fl b Ar address @@ -56,7 +56,7 @@ facility for this. Assuming the FTP control connection is from $client to $server, the proxy connected to the server using the $proxy source address, and $port is negotiated, then -.Nm ftp-proxy +.Nm adds the following rules to the various anchors. (These example rules use inet, but the proxy also supports inet6.) .Pp @@ -167,10 +167,11 @@ pass out proto tcp from $proxy to any port 21 .Sh CAVEATS .Xr pf 4 does not allow the ruleset to be modified if the system is running at a -.Xr securelevel 7 +securelevel +.\".Xr securelevel 7 higher than 1. At that level -.Nm ftp-proxy +.Nm cannot add rules to the anchors and FTP data connections may get blocked. .Pp Negotiated data connection ports below 1024 are not allowed. @@ -179,5 +180,5 @@ The negotiated IP address for active modes is ignored for security reasons. This makes third party file transfers impossible. .Pp -.Nm ftp-proxy +.Nm chroots to "/var/empty" and changes to user "proxy" to drop privileges. diff --git a/usr.sbin/pfctl/pfctl.8 b/usr.sbin/pfctl/pfctl.8 index b5be8a1..ec67d8f 100644 --- a/usr.sbin/pfctl/pfctl.8 +++ b/usr.sbin/pfctl/pfctl.8 @@ -31,7 +31,7 @@ .Nm pfctl .Nd "control the packet filter (PF) and network address translation (NAT) device" .Sh SYNOPSIS -.Nm pfctl +.Nm .Bk -words .Op Fl AdeghmNnOqRrvz .Op Fl a Ar anchor @@ -83,7 +83,7 @@ When the variable is set to .Dv YES in -.Xr rc.conf.local 8 , +.Xr rc.conf 5 , the rule file specified with the variable .Va pf_rules is loaded automatically by the @@ -667,11 +667,11 @@ Passive operating system fingerprint database. .Xr pf 4 , .Xr pf.conf 5 , .Xr pf.os 5 , +.Xr rc.conf 5 , .Xr sysctl.conf 5 , .Xr authpf 8 , .Xr ftp-proxy 8 , .Xr rc 8 , -.Xr rc.conf 8 , .Xr sysctl 8 .Sh HISTORY The -- 1.7.7.2