aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Smithurst <ben@FreeBSD.org>2000-11-16 14:21:50 +0000
committerBen Smithurst <ben@FreeBSD.org>2000-11-16 14:21:50 +0000
commitdff20b501044d0ff414fcfdcf2f70b52817b235f (patch)
tree8693540a13baafd904a47252fa1bc6b29e10d62d
parent99266694b58852dc13ca0093bdd2e3e98e336e23 (diff)
downloaddoc-dff20b501044d0ff414fcfdcf2f70b52817b235f.tar.gz
doc-dff20b501044d0ff414fcfdcf2f70b52817b235f.zip
Update the syntax of filtering commands.
PR: 22088 Submitted by: John Murphy <bigotfo@bigfoot.com> Reviewed by: nik
Notes
Notes: svn path=/head/; revision=8380
-rw-r--r--en_US.ISO8859-1/books/ppp-primer/book.sgml88
-rw-r--r--en_US.ISO_8859-1/books/ppp-primer/book.sgml88
2 files changed, 88 insertions, 88 deletions
diff --git a/en_US.ISO8859-1/books/ppp-primer/book.sgml b/en_US.ISO8859-1/books/ppp-primer/book.sgml
index 38f7f14e7f..66e5d87e8f 100644
--- a/en_US.ISO8859-1/books/ppp-primer/book.sgml
+++ b/en_US.ISO8859-1/books/ppp-primer/book.sgml
@@ -14,7 +14,7 @@
</author>
</authorgroup>
-<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.3 2000/04/30 22:18:21 nik Exp $</pubdate>
+<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.4 2000/07/26 01:14:22 ben Exp $</pubdate>
<abstract><para>This is a step-by-step guide for configuring FreeBSD systems to act as
a dial-up router/gateway in a Local Area Environment. All entries may
@@ -2214,7 +2214,7 @@ the PPP program:
<itemizedlist>
<listitem>
-<para><emphasis remap=tt>afilter</emphasis> - Access Counter (or "Keep Alive") filters
+<para><emphasis>alive</emphasis> filter - Access Counter (or "Keep Alive") filters
</para>
<para>These control which events are ignored by the <literal>set timeout=</literal>
@@ -2222,7 +2222,7 @@ statement in the configuration file.</para>
</listitem>
<listitem>
-<para><emphasis remap=tt>dfilter</emphasis> - Dialing filters
+<para><emphasis>dial</emphasis> filter - Dialing filters
</para>
<para>These filtering rules control which events are ignored by the
@@ -2230,7 +2230,7 @@ demand-dial mode of PPP.</para>
</listitem>
<listitem>
-<para><emphasis remap=tt>ifilter</emphasis> - Input filters
+<para><emphasis>in</emphasis> filter - Input filters
</para>
<para>Control whether incoming packets should be discarded or passed into
@@ -2238,7 +2238,7 @@ the system.</para>
</listitem>
<listitem>
-<para><emphasis remap=tt>ofilter</emphasis> - Output filters
+<para><emphasis>out</emphasis> filter - Output filters
</para>
<para>Control whether outgoing packets should be discarded or passed into
@@ -2257,83 +2257,83 @@ briefly describe the logic of each rule set:
# KeepAlive filters
# Don't keep Alive with ICMP,DNS and RIP packet
#
- set afilter 0 deny icmp
- set afilter 1 deny udp src eq 53
- set afilter 2 deny udp dst eq 53
- set afilter 3 deny udp src eq 520
- set afilter 4 deny udp dst eq 520
- set afilter 5 permit 0/0 0/0
+ set filter alive 0 deny icmp
+ set filter alive 1 deny udp src eq 53
+ set filter alive 2 deny udp dst eq 53
+ set filter alive 3 deny udp src eq 520
+ set filter alive 4 deny udp dst eq 520
+ set filter alive 5 permit 0/0 0/0
#
# Dial Filters:
# Note: ICMP will trigger a dial-out in this configuration!
#
- set dfilter 0 permit 0/0 0/0
+ set filter dial 0 permit 0/0 0/0
#
# Allow ident packet pass through
#
- set ifilter 0 permit tcp dst eq 113
- set ofilter 0 permit tcp src eq 113
+ set filter in 0 permit tcp dst eq 113
+ set filter out 0 permit tcp src eq 113
#
# Allow telnet connection to the Internet
#
- set ifilter 1 permit tcp src eq 23 estab
- set ofilter 1 permit tcp dst eq 23
+ set filter in 1 permit tcp src eq 23 estab
+ set filter out 1 permit tcp dst eq 23
#
# Allow ftp access to the Internet
#
- set ifilter 2 permit tcp src eq 21 estab
- set ofilter 2 permit tcp dst eq 21
- set ifilter 3 permit tcp src eq 20 dst gt 1023
- set ofilter 3 permit tcp dst eq 20
+ set filter in 2 permit tcp src eq 21 estab
+ set filter out 2 permit tcp dst eq 21
+ set filter in 3 permit tcp src eq 20 dst gt 1023
+ set filter out 3 permit tcp dst eq 20
#
# Allow access to DNS lookups
#
- set ifilter 4 permit udp src eq 53
- set ofilter 4 permit udp dst eq 53
+ set filter in 4 permit udp src eq 53
+ set filter out 4 permit udp dst eq 53
#
# Allow DNS Zone Transfers
#
- set ifilter 5 permit tcp src eq 53
- set ofilter 5 permit tcp dst eq 53
+ set filter in 5 permit tcp src eq 53
+ set filter out 5 permit tcp dst eq 53
#
# Allow access from/to local network
#
- set ifilter 6 permit 0/0 192.168.1.0/24
- set ofilter 6 permit 192.168.1.0/24 0/0
+ set filter in 6 permit 0/0 192.168.1.0/24
+ set filter out 6 permit 192.168.1.0/24 0/0
#
# Allow ping and traceroute response
#
- set ifilter 7 permit icmp
- set ofilter 7 permit icmp
- set ifilter 8 permit udp dst gt 33433
- set ofilter 9 permit udp dst gt 33433
+ set filter in 7 permit icmp
+ set filter out 7 permit icmp
+ set filter in 8 permit udp dst gt 33433
+ set filter out 9 permit udp dst gt 33433
#
# Allow cvsup
#
- set ifilter 9 permit tcp src eq 5998
- set ofilter 9 permit tcp dst eq 5998
- set ifilter 10 permit tcp src eq 5999
- set ofilter 10 permit tcp dst eq 5999
+ set filter in 9 permit tcp src eq 5998
+ set filter out 9 permit tcp dst eq 5998
+ set filter in 10 permit tcp src eq 5999
+ set filter out 10 permit tcp dst eq 5999
#
# Allow NTP for Time Synchronization
#
- set ifilter 11 permit tcp src eq 123 dst eq 123
- set ofilter 11 permit tcp src eq 123 dst eq 123
- set ifilter 12 permit udp src eq 123 dst eq 123
- set ofilter 12 permit udp src eq 123 dst eq 123
+ set filter in 11 permit tcp src eq 123 dst eq 123
+ set filter out 11 permit tcp src eq 123 dst eq 123
+ set filter in 12 permit udp src eq 123 dst eq 123
+ set filter out 12 permit udp src eq 123 dst eq 123
#
# SMTP'd be a good idea!
#
- set ifilter 13 permit tcp src eq 25
- set ofilter 13 permit tcp dst eq 25
+ set filter in 13 permit tcp src eq 25
+ set filter out 13 permit tcp dst eq 25
#
#
# We use a lot of `whois`, let's pass that
#
- set ifilter 14 permit tcp src eq 43
- set ofilter 14 permit tcp dst eq 43
- set ifilter 15 permit udp src eq 43
- set ofilter 15 permit udp dst eq 43
+ set filter in 14 permit tcp src eq 43
+ set filter out 14 permit tcp dst eq 43
+ set filter in 15 permit udp src eq 43
+ set filter out 15 permit udp dst eq 43
#
# If none of above rules matches, then packet is blocked.
#-------</screen>
diff --git a/en_US.ISO_8859-1/books/ppp-primer/book.sgml b/en_US.ISO_8859-1/books/ppp-primer/book.sgml
index 38f7f14e7f..66e5d87e8f 100644
--- a/en_US.ISO_8859-1/books/ppp-primer/book.sgml
+++ b/en_US.ISO_8859-1/books/ppp-primer/book.sgml
@@ -14,7 +14,7 @@
</author>
</authorgroup>
-<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.3 2000/04/30 22:18:21 nik Exp $</pubdate>
+<pubdate>$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.4 2000/07/26 01:14:22 ben Exp $</pubdate>
<abstract><para>This is a step-by-step guide for configuring FreeBSD systems to act as
a dial-up router/gateway in a Local Area Environment. All entries may
@@ -2214,7 +2214,7 @@ the PPP program:
<itemizedlist>
<listitem>
-<para><emphasis remap=tt>afilter</emphasis> - Access Counter (or "Keep Alive") filters
+<para><emphasis>alive</emphasis> filter - Access Counter (or "Keep Alive") filters
</para>
<para>These control which events are ignored by the <literal>set timeout=</literal>
@@ -2222,7 +2222,7 @@ statement in the configuration file.</para>
</listitem>
<listitem>
-<para><emphasis remap=tt>dfilter</emphasis> - Dialing filters
+<para><emphasis>dial</emphasis> filter - Dialing filters
</para>
<para>These filtering rules control which events are ignored by the
@@ -2230,7 +2230,7 @@ demand-dial mode of PPP.</para>
</listitem>
<listitem>
-<para><emphasis remap=tt>ifilter</emphasis> - Input filters
+<para><emphasis>in</emphasis> filter - Input filters
</para>
<para>Control whether incoming packets should be discarded or passed into
@@ -2238,7 +2238,7 @@ the system.</para>
</listitem>
<listitem>
-<para><emphasis remap=tt>ofilter</emphasis> - Output filters
+<para><emphasis>out</emphasis> filter - Output filters
</para>
<para>Control whether outgoing packets should be discarded or passed into
@@ -2257,83 +2257,83 @@ briefly describe the logic of each rule set:
# KeepAlive filters
# Don't keep Alive with ICMP,DNS and RIP packet
#
- set afilter 0 deny icmp
- set afilter 1 deny udp src eq 53
- set afilter 2 deny udp dst eq 53
- set afilter 3 deny udp src eq 520
- set afilter 4 deny udp dst eq 520
- set afilter 5 permit 0/0 0/0
+ set filter alive 0 deny icmp
+ set filter alive 1 deny udp src eq 53
+ set filter alive 2 deny udp dst eq 53
+ set filter alive 3 deny udp src eq 520
+ set filter alive 4 deny udp dst eq 520
+ set filter alive 5 permit 0/0 0/0
#
# Dial Filters:
# Note: ICMP will trigger a dial-out in this configuration!
#
- set dfilter 0 permit 0/0 0/0
+ set filter dial 0 permit 0/0 0/0
#
# Allow ident packet pass through
#
- set ifilter 0 permit tcp dst eq 113
- set ofilter 0 permit tcp src eq 113
+ set filter in 0 permit tcp dst eq 113
+ set filter out 0 permit tcp src eq 113
#
# Allow telnet connection to the Internet
#
- set ifilter 1 permit tcp src eq 23 estab
- set ofilter 1 permit tcp dst eq 23
+ set filter in 1 permit tcp src eq 23 estab
+ set filter out 1 permit tcp dst eq 23
#
# Allow ftp access to the Internet
#
- set ifilter 2 permit tcp src eq 21 estab
- set ofilter 2 permit tcp dst eq 21
- set ifilter 3 permit tcp src eq 20 dst gt 1023
- set ofilter 3 permit tcp dst eq 20
+ set filter in 2 permit tcp src eq 21 estab
+ set filter out 2 permit tcp dst eq 21
+ set filter in 3 permit tcp src eq 20 dst gt 1023
+ set filter out 3 permit tcp dst eq 20
#
# Allow access to DNS lookups
#
- set ifilter 4 permit udp src eq 53
- set ofilter 4 permit udp dst eq 53
+ set filter in 4 permit udp src eq 53
+ set filter out 4 permit udp dst eq 53
#
# Allow DNS Zone Transfers
#
- set ifilter 5 permit tcp src eq 53
- set ofilter 5 permit tcp dst eq 53
+ set filter in 5 permit tcp src eq 53
+ set filter out 5 permit tcp dst eq 53
#
# Allow access from/to local network
#
- set ifilter 6 permit 0/0 192.168.1.0/24
- set ofilter 6 permit 192.168.1.0/24 0/0
+ set filter in 6 permit 0/0 192.168.1.0/24
+ set filter out 6 permit 192.168.1.0/24 0/0
#
# Allow ping and traceroute response
#
- set ifilter 7 permit icmp
- set ofilter 7 permit icmp
- set ifilter 8 permit udp dst gt 33433
- set ofilter 9 permit udp dst gt 33433
+ set filter in 7 permit icmp
+ set filter out 7 permit icmp
+ set filter in 8 permit udp dst gt 33433
+ set filter out 9 permit udp dst gt 33433
#
# Allow cvsup
#
- set ifilter 9 permit tcp src eq 5998
- set ofilter 9 permit tcp dst eq 5998
- set ifilter 10 permit tcp src eq 5999
- set ofilter 10 permit tcp dst eq 5999
+ set filter in 9 permit tcp src eq 5998
+ set filter out 9 permit tcp dst eq 5998
+ set filter in 10 permit tcp src eq 5999
+ set filter out 10 permit tcp dst eq 5999
#
# Allow NTP for Time Synchronization
#
- set ifilter 11 permit tcp src eq 123 dst eq 123
- set ofilter 11 permit tcp src eq 123 dst eq 123
- set ifilter 12 permit udp src eq 123 dst eq 123
- set ofilter 12 permit udp src eq 123 dst eq 123
+ set filter in 11 permit tcp src eq 123 dst eq 123
+ set filter out 11 permit tcp src eq 123 dst eq 123
+ set filter in 12 permit udp src eq 123 dst eq 123
+ set filter out 12 permit udp src eq 123 dst eq 123
#
# SMTP'd be a good idea!
#
- set ifilter 13 permit tcp src eq 25
- set ofilter 13 permit tcp dst eq 25
+ set filter in 13 permit tcp src eq 25
+ set filter out 13 permit tcp dst eq 25
#
#
# We use a lot of `whois`, let's pass that
#
- set ifilter 14 permit tcp src eq 43
- set ofilter 14 permit tcp dst eq 43
- set ifilter 15 permit udp src eq 43
- set ofilter 15 permit udp dst eq 43
+ set filter in 14 permit tcp src eq 43
+ set filter out 14 permit tcp dst eq 43
+ set filter in 15 permit udp src eq 43
+ set filter out 15 permit udp dst eq 43
#
# If none of above rules matches, then packet is blocked.
#-------</screen>