summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Brauer <henning@cvs.openbsd.org>2003-02-14 12:04:24 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2003-02-14 12:04:24 +0000
commit4844b203355d5b780325507fbf8e31fbcad592d5 (patch)
tree3d5083086fcf1cd0b769731cab8011992268fca4
parent77f9b9cfa5d95c400ade9e08101197beeebc28a0 (diff)
tweak
-rw-r--r--sbin/pfctl/pfctl.826
1 files changed, 12 insertions, 14 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 8486c28a72e..2e055e5df61 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.76 2003/02/14 11:04:22 cedric Exp $
+.\" $OpenBSD: pfctl.8,v 1.77 2003/02/14 12:04:23 henning Exp $
.\"
.\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
.\"
@@ -173,7 +173,7 @@ Help.
Do not actually load rules, just parse them.
.It Fl N
Load only the NAT rules present in the rule file.
-Filter rules and options are ignored.
+Other rules and options are ignored.
.It Fl q
Only print errors and warnings.
.It Fl r
@@ -340,7 +340,8 @@ by using two times the
.Fl v
modifier and the
.Ar show Tables
-command. This will display the number of addresses on each table,
+command.
+This will display the number of addresses on each table,
the number of rules which reference the table, and the global
packet statistics for the whole table:
.Pp
@@ -363,17 +364,15 @@ As we can see here, only one packet - the initial ping request - matched the
table; but all packets passing at the result of the state are correctly
accounted for.
Reloading the table(s) will not affect packet accounting in any way; however,
-in this version, the state accounting will unfortunately stop if the rules
-are reloaded or flushed.
+the state accounting will stop if the rules are reloaded or flushed.
The two
.Ar XPass
counters are incremented instead of the
.Ar Pass
counters when a \&"stateful\&" packet is passed but doesn't match the table
anymore.
-This will happen in our example if someone flush the table while the ping
-command is
-running.
+This will happen in our example if someone flushes the table while the ping
+command is running.
.Pp
When used with a single
.Fl v ,
@@ -391,18 +390,17 @@ refers to them.
.It a
For tables which are part of the
.Ar active
-tableset. Tables without this flag do not really exist, cannot contain addresses, and are
+tableset.
+Tables without this flag do not really exist, cannot contain addresses, and are
not listed if no
.Fl v
flag is given.
.It i
For tables which are part of the
.Ar inactive
-tableset. This flag can only be witnessed briefly during the loading of
+tableset.
+This flag can only be witnessed briefly during the loading of
.Nm pf.conf .
-If this flag appear for a long time, that mean
-.Nm pfctl
-failed badly.
.It r
For tables which are referenced (used) by rules.
.El
@@ -410,7 +408,7 @@ For tables which are referenced (used) by rules.
Produce more verbose output.
A second use of
.Fl v
-will produce an additional level of more verbose output.
+will produce even more verbose output.
See previous section for its effect on table commands.
.It Fl x Ar level
Set the debug level to one of the following.