diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2002-12-21 21:13:44 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2002-12-21 21:13:44 +0000 |
| commit | f901f5133f835f544b8b9a1af42d244a89c2cea7 (patch) | |
| tree | f1dbbcb7be49102a46f1d39be7c7ed0d83d2beb4 | |
| parent | 3a53b74ef99907f8454f15979e7eac50194d8ea0 (diff) | |
better example rules from David Krause, Thanks!
ok dhartmei@
| -rw-r--r-- | libexec/ftp-proxy/ftp-proxy.8 | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.8 b/libexec/ftp-proxy/ftp-proxy.8 index 24d72be5418..4915f422575 100644 --- a/libexec/ftp-proxy/ftp-proxy.8 +++ b/libexec/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.28 2002/12/19 01:27:56 deraadt Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.29 2002/12/21 21:13:43 henning Exp $ .\" .\" Copyright (c) 1996-2001 .\" Obtuse Systems Corporation, All rights reserved. @@ -194,7 +194,7 @@ The following example allows only ports 49152 to 65535 to pass in statefully: .Bd -literal block in on $ext_if proto tcp all - pass in on $ext_if proto tcp from any to $ext_if \\ + pass in on $ext_if inet proto tcp from any to $ext_if \\ port > 49151 keep state .Ed .Pp @@ -203,7 +203,8 @@ Alternatively, rules can make use of the fact that by default, runs as user "proxy" to allow the backchannel connections, as in the following example: .Bd -literal block in on $ext_if proto tcp all - pass in on $ext_if proto tcp from any to $ext_if user proxy keep state + pass in on $ext_if inet proto tcp from any to $ext_if \\ + user proxy keep state .Ed .Pp These examples do not cover the connections from the proxy to the |