mirror of https://github.com/openbsd/src.git, synced 2024-12-22 07:27:59 -08:00
omit preceding flag from command/modifier lists to get tags; OK jmc
reads odd to repeat, e.g. -F, when listing all its modifiers. as a consequence, automatic tagging wouldn't work, e.g. no "zero" tag would exist to jump to that -F modifier's definition. also add manual tags for -R and -T as they get explained together with -s and -t, respectively, where only the first flag gets tagged.
parent b6d9506b47
commit e08605c7f2
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: pfctl.8,v 1.184 2024/11/20 13:57:29 kirill Exp $
|
||||
.\" $OpenBSD: pfctl.8,v 1.185 2024/11/21 18:16:01 kn Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
|
||||
.\"
|
||||
@ -24,7 +24,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: November 20 2024 $
|
||||
.Dd $Mdocdate: November 21 2024 $
|
||||
.Dt PFCTL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -191,25 +191,25 @@ Flush the filter parameters specified by
|
||||
.Ar modifier
|
||||
(may be abbreviated):
|
||||
.Pp
|
||||
.Bl -tag -width xxxxxxxxxxxx -compact
|
||||
.It Fl F Cm rules
|
||||
.Bl -tag -width xxxxxxxxx -compact
|
||||
.It Cm rules
|
||||
Flush the filter rules.
|
||||
.It Fl F Cm states
|
||||
.It Cm states
|
||||
Flush the state table (NAT and filter).
|
||||
.It Fl F Cm Sources
|
||||
.It Cm Sources
|
||||
Flush the source tracking table.
|
||||
.It Fl F Cm info
|
||||
.It Cm info
|
||||
Flush the filter information (statistics that are not bound to rules).
|
||||
.It Fl F Cm Tables
|
||||
.It Cm Tables
|
||||
Flush the tables.
|
||||
.It Fl F Cm osfp
|
||||
.It Cm osfp
|
||||
Flush the passive operating system fingerprints.
|
||||
.It Fl F Cm Reset
|
||||
.It Cm Reset
|
||||
Reset limits, timeouts and other options back to default settings.
|
||||
See the OPTIONS section in
|
||||
.Xr pf.conf 5
|
||||
for details.
|
||||
.It Fl F Cm all
|
||||
.It Cm all
|
||||
Flush all of the above.
|
||||
.El
|
||||
.Pp
|
||||
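Review bot: With `Fl F` dropped from the `.It` heads in the -F list, `rules`, `states`, `Sources`, `info`, `Tables`, `osfp` and `all` become bare `.It Cm` entries here and again in the -s list further down, so each of those tag names now has two candidate targets, one that flushes and one that only shows. Please check in the rendered page which entry a jump to e.g. `Tables` reaches and say so in the commit message, so a reader looking up the read-only form does not land on the destructive one unnoticed.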
@ -316,13 +316,13 @@ Do not actually load rules, just parse them.
|
||||
.It Fl o Ar level
|
||||
Control the ruleset optimizer, overriding any rule file settings.
|
||||
.Pp
|
||||
.Bl -tag -width xxxxxxxxxxxx -compact
|
||||
.It Fl o Cm none
|
||||
.Bl -tag -width xxxxxxxxx -compact
|
||||
.It Cm none
|
||||
Disable the ruleset optimizer.
|
||||
.It Fl o Cm basic
|
||||
.It Cm basic
|
||||
Enable basic ruleset optimizations.
|
||||
This is the default behaviour.
|
||||
.It Fl o Cm profile
|
||||
.It Cm profile
|
||||
Enable basic ruleset optimizations with profiling.
|
||||
.El
|
||||
.Pp
|
||||
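Review bot: In the -o list, once `.It Fl o Cm none` becomes `.It Cm none`, nothing in the visible text links the entries to the `level` argument. The -F, -s and -T lists are each introduced by a sentence ("... specified by modifier (may be abbreviated):", "Commands include:"), but here the list follows "Control the ruleset optimizer, overriding any rule file settings." directly. A short lead-in naming `.Ar level` before the `.Bl` would keep the entries readable without the flag.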
@ -348,13 +348,14 @@ are mutually exclusive.
|
||||
.It Fl S Ar statefile
|
||||
Store the pf state table in the file specified by
|
||||
.Ar statefile .
|
||||
.Tg R
|
||||
.It Fl s Ar modifier Op Fl R Ar id
|
||||
Show the filter parameters specified by
|
||||
.Ar modifier
|
||||
(may be abbreviated):
|
||||
.Pp
|
||||
.Bl -tag -width xxxxxxxxxxxxxx -compact
|
||||
.It Fl s Cm queue
|
||||
.Bl -tag -width xxxxxxxxxxx -compact
|
||||
.It Cm queue
|
||||
Show the currently loaded queue definitions.
|
||||
When used together with
|
||||
.Fl v ,
|
||||
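Review bot: The added `.Tg R` attaches the R tag to the `.It Fl s Ar modifier Op Fl R Ar id` head, but the text under that head only covers `modifier`; what `-R id` does is explained further down under `rules`, `states` and `labels`. A sentence at the -s head saying that `-R id` narrows the output for those modifiers would give the tag a useful landing spot.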
@ -364,7 +365,7 @@ When used together with
|
||||
.Nm
|
||||
will loop and show updated queue statistics every five seconds, including
|
||||
measured bandwidth and packets per second.
|
||||
.It Fl s Cm rules
|
||||
.It Cm rules
|
||||
Show the currently loaded filter rules.
|
||||
If
|
||||
.Fl R Ar id
|
||||
@ -388,7 +389,7 @@ will skip evaluation of rules where possible.
|
||||
Packets passed statefully are counted in the rule that created the state
|
||||
(even though the rule isn't evaluated more than once for the entire
|
||||
connection).
|
||||
.It Fl s Cm Anchors
|
||||
.It Cm Anchors
|
||||
Show the currently loaded anchors directly attached to the main ruleset.
|
||||
If
|
||||
.Fl a Ar anchor
|
||||
@ -399,15 +400,15 @@ If
|
||||
.Fl v
|
||||
is specified, all anchors attached under the target anchor will be
|
||||
displayed recursively.
|
||||
.It Fl s Cm states
|
||||
.It Cm states
|
||||
Show the contents of the state table.
|
||||
If
|
||||
.Fl R Ar id
|
||||
is specified as well,
|
||||
only states created by the rule with the specified numeric ID are shown.
|
||||
.It Fl s Cm Sources
|
||||
.It Cm Sources
|
||||
Show the contents of the source tracking table.
|
||||
.It Fl s Cm info
|
||||
.It Cm info
|
||||
Show filter information (statistics and counters).
|
||||
When used together with
|
||||
.Fl v ,
|
||||
@ -415,7 +416,7 @@ source tracking statistics, the firewall's 32-bit hostid number and the
|
||||
main ruleset's MD5 checksum for use with
|
||||
.Xr pfsync 4
|
||||
are also shown.
|
||||
.It Fl s Cm labels
|
||||
.It Cm labels
|
||||
Show per-rule statistics (label, evaluations, packets total, bytes total,
|
||||
packets in, bytes in, packets out, bytes out, state creations) of
|
||||
filter rules with labels, useful for accounting.
|
||||
@ -423,15 +424,15 @@ If
|
||||
.Fl R Ar id
|
||||
is specified as well,
|
||||
only the statistics for the rule with the specified numeric ID are shown.
|
||||
.It Fl s Cm timeouts
|
||||
.It Cm timeouts
|
||||
Show the current global timeouts.
|
||||
.It Fl s Cm memory
|
||||
.It Cm memory
|
||||
Show the current pool memory hard limits.
|
||||
.It Fl s Cm Tables
|
||||
.It Cm Tables
|
||||
Show the list of tables.
|
||||
.It Fl s Cm osfp
|
||||
.It Cm osfp
|
||||
Show the list of operating system fingerprints.
|
||||
.It Fl s Cm Interfaces
|
||||
.It Cm Interfaces
|
||||
Show the list of interfaces and interface groups available to PF.
|
||||
When used together with
|
||||
.Fl v ,
|
||||
@ -441,7 +442,7 @@ When used together with
|
||||
interface statistics are also shown.
|
||||
.Fl i
|
||||
can be used to select an interface or a group of interfaces.
|
||||
.It Fl s Cm all
|
||||
.It Cm all
|
||||
Show all of the above, except for the lists of interfaces and operating
|
||||
system fingerprints.
|
||||
.El
|
||||
@ -486,6 +487,7 @@ no free ports in translation port range
|
||||
.It no-route
|
||||
dropped by no-route
|
||||
.El
|
||||
.Tg T
|
||||
.It Fl t Ar table Fl T Ar command Op Ar address ...
|
||||
Specify the
|
||||
.Ar command
|
||||
@ -493,31 +495,31 @@ Specify the
|
||||
.Ar table .
|
||||
Commands include:
|
||||
.Pp
|
||||
.Bl -tag -width "-T expire number" -compact
|
||||
.It Fl T Cm add
|
||||
.Bl -tag -width "expire number" -compact
|
||||
.It Cm add
|
||||
Add one or more addresses to a table.
|
||||
Automatically create a persistent table if it does not exist.
|
||||
.It Fl T Cm delete
|
||||
.It Cm delete
|
||||
Delete one or more addresses from a table.
|
||||
.It Fl T Cm expire Ar number
|
||||
.It Cm expire Ar number
|
||||
Delete addresses which had their statistics cleared more than
|
||||
.Ar number
|
||||
seconds ago.
|
||||
For entries which have never had their statistics cleared,
|
||||
.Ar number
|
||||
refers to the time they were added to the table.
|
||||
.It Fl T Cm flush
|
||||
.It Cm flush
|
||||
Flush all addresses in a table.
|
||||
.It Fl T Cm kill
|
||||
.It Cm kill
|
||||
Kill a table.
|
||||
.It Fl T Cm replace
|
||||
.It Cm replace
|
||||
Replace the addresses of the table.
|
||||
Automatically create a persistent table if it does not exist.
|
||||
.It Fl T Cm show
|
||||
.It Cm show
|
||||
Show the content (addresses) of a table.
|
||||
.It Fl T Cm test
|
||||
.It Cm test
|
||||
Test if the given addresses match a table.
|
||||
.It Fl T Cm zero
|
||||
.It Cm zero
|
||||
Clear all the statistics of a table, or only for specified addresses.
|
||||
.El
|
||||
.Pp
|
||||