author | Henning Brauer <henning@cvs.openbsd.org> | 2003-02-14 12:04:24 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2003-02-14 12:04:24 +0000 |
commit | 4844b203355d5b780325507fbf8e31fbcad592d5 (patch) | |
tree | 3d5083086fcf1cd0b769731cab8011992268fca4 | |
parent | 77f9b9cfa5d95c400ade9e08101197beeebc28a0 (diff) |
tweak
-rw-r--r-- | sbin/pfctl/pfctl.8 | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 8486c28a72e..2e055e5df61 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfctl.8,v 1.76 2003/02/14 11:04:22 cedric Exp $ +.\" $OpenBSD: pfctl.8,v 1.77 2003/02/14 12:04:23 henning Exp $ .\" .\" Copyright (c) 2001 Kjell Wooding. All rights reserved. .\" @@ -173,7 +173,7 @@ Help. Do not actually load rules, just parse them. .It Fl N Load only the NAT rules present in the rule file. -Filter rules and options are ignored. +Other rules and options are ignored. .It Fl q Only print errors and warnings. .It Fl r @@ -340,7 +340,8 @@ by using two times the .Fl v modifier and the .Ar show Tables -command. This will display the number of addresses on each table, +command. +This will display the number of addresses on each table, the number of rules which reference the table, and the global packet statistics for the whole table: .Pp @@ -363,17 +364,15 @@ As we can see here, only one packet - the initial ping request - matched the table; but all packets passing at the result of the state are correctly accounted for. Reloading the table(s) will not affect packet accounting in any way; however, -in this version, the state accounting will unfortunately stop if the rules -are reloaded or flushed. +the state accounting will stop if the rules are reloaded or flushed. The two .Ar XPass counters are incremented instead of the .Ar Pass counters when a \&"stateful\&" packet is passed but doesn't match the table anymore. -This will happen in our example if someone flush the table while the ping -command is -running. +This will happen in our example if someone flushes the table while the ping +command is running. .Pp When used with a single .Fl v , 
@@ -391,18 +390,17 @@ refers to them. .It a For tables which are part of the .Ar active -tableset. Tables without this flag do not really exist, cannot contain addresses, and are +tableset. +Tables without this flag do not really exist, cannot contain addresses, and are not listed if no .Fl v flag is given. .It i For tables which are part of the .Ar inactive -tableset. This flag can only be witnessed briefly during the loading of +tableset. +This flag can only be witnessed briefly during the loading of .Nm pf.conf . -If this flag appear for a long time, that mean -.Nm pfctl -failed badly. .It r For tables which are referenced (used) by rules. .El @@ -410,7 +408,7 @@ For tables which are referenced (used) by rules. Produce more verbose output. A second use of .Fl v -will produce an additional level of more verbose output. +will produce even more verbose output. See previous section for its effect on table commands. .It Fl x Ar level Set the debug level to one of the following. |
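Review bot: In the hunk at -173,7 (the .It Fl N entry), "Other rules and options are ignored." no longer says that filter rules are among the things -N skips. Someone loading a rule file with -N should be able to read directly from this entry that the filter ruleset is not loaded by that invocation; suggest "All other rules, including filter rules, and options are ignored." or naming the skipped rule classes.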
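Review bot: In the hunk at -363,17, dropping "in this version" and "unfortunately" turns the stopped state accounting after a rule reload or flush from a stated limitation into plain documented behaviour, and the one-word commit message does not say whether that is intended. If it is still a limitation, keep it marked as one, so that someone reading table counters for monitoring knows the numbers stop updating after a reload. The unchanged context line "the table; but all packets passing at the result of the state are correctly" still reads wrong ("as the result" looks like what was meant) and could be fixed in the same pass.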
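Review bot: In the hunk at -391,18 (the .It i entry), the deleted sentence "If this flag appear for a long time, that mean pfctl failed badly." was the only text telling the reader what a lingering i flag indicates. Suggest fixing its grammar instead of removing it, for example "If this flag persists for a long time, pfctl has failed badly.", so that an operator who still sees an inactive table after loading pf.conf can recognise it as a failed load.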