summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2003-03-11 09:24:59 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2003-03-11 09:24:59 +0000
commit5481f12a74494cf75b24a40d11aace8b9f2f77ad (patch)
tree3f164b8c63a25c1666983a2777f2a3081572e8af
parentf5196a0a8a41305db41555310318c33c31e354f4 (diff)
removed .Ic's which were giving postscript trouble;
ok deraadt@
-rw-r--r--share/man/man5/spamd.conf.559
-rw-r--r--usr.sbin/authpf/authpf.8124
2 files changed, 80 insertions, 103 deletions
diff --git a/share/man/man5/spamd.conf.5 b/share/man/man5/spamd.conf.5
index 82d0d3800f3..2a4f3c32f0c 100644
--- a/share/man/man5/spamd.conf.5
+++ b/share/man/man5/spamd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: spamd.conf.5,v 1.6 2003/03/09 02:37:58 deraadt Exp $
+.\" $OpenBSD: spamd.conf.5,v 1.7 2003/03/11 09:24:58 jmc Exp $
.\"
.\" Copyright (c) 2003 Jason L. Wright (jason@thought.net)
.\" Copyright (c) 2003 Bob Beck
@@ -54,26 +54,26 @@ follows the syntax of configuration databases as documented in
.Xr getcap 3 .
Example:
.Bd -literal -offset indent
-.Ic all:\e
-.Ic :spews1:white:myblack:\e
-.Ic
-.Ic spews1:\e
-.Ic :black\e
-.Ic :msg="SPAM. Your address \&%A is in the spews\e
-.Ic level 1 database\ensee http://www.spews.org/ask.cgi?x=\&%A\en":\e
-.Ic :method=http:\e
-.Ic :file=www.spews.org/spews_list_level1.txt:
-.Ic \ \
-.Ic white:\e
-.Ic :white:\e
-.Ic :method=file:\e
-.Ic :file=/var/mail/mywhite.txt:\e
-.Ic \ \
-.Ic myblack:\e
-.Ic :black:\e
-.Ic :msg=/var/mail/myblackmsg.txt:\e
-.Ic :method=file:\e
-.Ic :file=/var/mail/myblack.txt
+all:\e
+ :spews1:white:myblack:\e
+.Pp
+spews1:\e
+ :black\e
+ :msg="SPAM. Your address \&%A is in the spews\e
+ level 1 database\ensee http://www.spews.org/ask.cgi?x=\&%A\en":\e
+ :method=http:\e
+ :file=www.spews.org/spews_list_level1.txt:
+.Pp
+white:\e
+ :white:\e
+ :method=file:\e
+ :file=/var/mail/mywhite.txt:\e
+.Pp
+myblack:\e
+ :black:\e
+ :msg=/var/mail/myblackmsg.txt:\e
+ :method=file:\e
+ :file=/var/mail/myblack.txt
.Ed
.Pp
The default configuration file must include the entry
@@ -101,9 +101,8 @@ from
.Ar myblack ,
the configuration
.Bd -literal -offset indent
-.Ic all:\e
-.Ic :spews1:white:myblack:white:\e
-.Ic
+all:\e
+ :spews1:white:myblack:white:\e
.Ed
would be used instead.
.Pp
@@ -156,12 +155,12 @@ are ignored.
Network blocks may be specified in any of the formats as in
the following example:
.Bd -literal -offset indent
-.Ic # CIDR format
-.Ic 192.168.20.0/24
-.Ic # A start - end range
-.Ic 192.168.21.0 - 192.168.21.255
-.Ic # As a single IP address
-.Ic 192.168.23.1
+# CIDR format
+192.168.20.0/24
+# A start - end range
+192.168.21.0 - 192.168.21.255
+# As a single IP address
+192.168.23.1
.Ed
.Pp
Each blacklist must include a message, specified in the
diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8
index 7d7d268f9b2..4e6a1d6821a 100644
--- a/usr.sbin/authpf/authpf.8
+++ b/usr.sbin/authpf/authpf.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: authpf.8,v 1.23 2003/03/10 15:37:29 jmc Exp $
+.\" $OpenBSD: authpf.8,v 1.24 2003/03/11 09:24:57 jmc Exp $
.\"
.\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>. All rights reserved.
.\"
@@ -93,10 +93,10 @@ in order to cause evaluation of any
.Nm
rules:
.Bd -literal
-.Ic nat-anchor authpf
-.Ic rdr-anchor authpf
-.Ic binat-anchor authpf
-.Ic anchor authpf
+nat-anchor authpf
+rdr-anchor authpf
+binat-anchor authpf
+anchor authpf
.Ed
.Pp
.Sh FILTER AND TRANSLATION RULES
@@ -311,21 +311,21 @@ To make that happen,
.Xr login.conf 5
should have entries that look something like this:
.Bd -literal
-.Ic shell-default:shell=/bin/csh
+shell-default:shell=/bin/csh
.Pp
-.Ic default:\e
-.Ic \ \ \ \ ...
-.Ic \ \ \ \ :shell=/usr/sbin/authpf
+default:\e
+ ...
+ :shell=/usr/sbin/authpf
.Pp
-.Ic daemon:\e
-.Ic \ \ \ \ ...
-.Ic \ \ \ \ :shell=/bin/csh:\e
-.Ic \ \ \ \ :tc=default:
+daemon:\e
+ ...
+ :shell=/bin/csh:\e
+ :tc=default:
.Pp
-.Ic staff:\e
-.Ic \ \ \ \ ...
-.Ic \ \ \ \ :shell=/bin/csh:\e
-.Ic \ \ \ \ :tc=default:
+staff:\e
+ ...
+ :shell=/bin/csh:\e
+ :tc=default:
.Ed
.Pp
Using a default password file, all users will get
@@ -339,8 +339,8 @@ must be properly configured to detect and defeat network attacks.
To that end, the following options should be added to
.Xr sshd_config 5 :
.Bd -literal
-.Ic ClientAliveInterval 15
-.Ic ClientAliveCountMax 3
+ClientAliveInterval 15
+ClientAliveCountMax 3
.Ed
.Pp
This ensures that unresponsive or spoofed sessions are terminated within a
@@ -354,25 +354,17 @@ of
.Pa /etc/motd
or something as simple as the following:
.Bd -literal -offset indent
-.Xo Ic This means you will be held accountable\
-.Ic by the powers that be
-.Xc
-.Xo Ic for traffic originating from your machine,\
-.Ic so please play nice.
-.Xc
+This means you will be held accountable by the powers that be
+for traffic originating from your machine, so please play nice.
.Ed
.Pp
To tell the user where to go when the system is broken,
.Pa /etc/authpf/authpf.problem
could contain something like this:
.Bd -literal -offset indent
-.Xo Ic Sorry, there appears to be some system\
-.Ic problem. To report this
-.Xc
-.Xo Ic problem so we can fix it, please\
-.Ic phone 1-900-314-1597 or send
-.Xc
-.Ic an email to remove@bulkmailerz.net.
+Sorry, there appears to be some system problem. To report this
+problem so we can fix it, please phone 1-900-314-1597 or send
+an email to remove@bulkmailerz.net.
.Ed
.Pp
\fBPacket Filter Rules\fP - In areas where this gateway is used to protect a
@@ -394,21 +386,17 @@ Example
.Bd -literal
# by default we allow internal clients to talk to us using
# ssh and use us as a dns server.
-.Ic internal_if=\&"fxp1\&"
-.Ic gateway_addr=\&"10.0.1.1\&"
-.Ic nat-anchor authpf
-.Ic rdr-anchor authpf
-.Ic binat-anchor authpf
-.Ic block in on $internal_if from any to any
-.Xo Ic pass in quick on $internal_if proto tcp\
-.Ic from any to $gateway_addr \e
-.Xc
-.Ic \ \ port = ssh
-.Xo Ic pass in quick on $internal_if proto udp\
-.Ic from any to $gateway_addr \e
-.Xc
-.Ic \ \ port = domain
-.Ic anchor authpf
+internal_if=\&"fxp1\&"
+gateway_addr=\&"10.0.1.1\&"
+nat-anchor authpf
+rdr-anchor authpf
+binat-anchor authpf
+block in on $internal_if from any to any
+pass in quick on $internal_if proto tcp from any to $gateway_addr \e
+ port = ssh
+pass in quick on $internal_if proto udp from any to $gateway_addr \e
+ port = domain
+anchor authpf
.Ed
.Pp
Example
@@ -416,14 +404,12 @@ Example
.Bd -literal
# no real restrictions here, basically turn the network jack off or on.
.Pp
-.Ic external_if = \&"xl0\&"
-.Ic internal_if = \&"fxp0\&"
+external_if = \&"xl0\&"
+internal_if = \&"fxp0\&"
.Pp
-.Xo Ic pass in log quick on $internal_if proto\
-.Ic tcp from $user_ip to any \e
-.Xc
-.Ic \ \ keep state
-.Ic pass in quick on $internal_if from $user_ip to any
+pass in log quick on $internal_if proto tcp from $user_ip to any \e
+ keep state
+pass in quick on $internal_if from $user_ip to any
.Ed
.Pp
Another example
@@ -431,30 +417,22 @@ Another example
for an insecure network (such as a public wireless network) where
we might need to be a bit more restrictive.
.Bd -literal
-.Ic internal_if=\&"fxp1\&"
-.Ic ipsec_gw=\&"10.2.3.4\&"
+internal_if=\&"fxp1\&"
+ipsec_gw=\&"10.2.3.4\&"
.Pp
# rdr ftp for proxying by ftp-proxy(8)
-.Xo Ic rdr on $internal_if proto tcp from\
-.Ic $user_ip to any port 21 \e
-.Xc
-.Ic \ \ -> 127.0.0.1 port 8081
+rdr on $internal_if proto tcp from $user_ip to any port 21 \e
+ -> 127.0.0.1 port 8081
.Pp
# allow out ftp, ssh, www and https only, and allow user to negotiate
# ipsec with the ipsec server.
-.Xo Ic pass in log quick on $internal_if\
-.Ic proto tcp from $user_ip to any \e
-.Xc
-.Ic \ \ port { 21, 22, 80, 443 } flags S/SA
-.Xo Ic pass in quick on $internal_if proto\
-.Ic tcp from $user_ip to any \e
-.Xc
-.Ic \ \ port { 21, 22, 80, 443 }
-.Xo Ic pass in quick proto udp from $user_ip\
-.Ic to $ipsec_gw port = isakmp \e
-.Xc
-.Ic \ \ keep state
-.Ic pass in quick proto esp from $user_ip to $ipsec_gw
+pass in log quick on $internal_if proto tcp from $user_ip to any \e
+ port { 21, 22, 80, 443 } flags S/SA
+pass in quick on $internal_if proto tcp from $user_ip to any \e
+ port { 21, 22, 80, 443 }
+pass in quick proto udp from $user_ip to $ipsec_gw port = isakmp \e
+ keep state
+pass in quick proto esp from $user_ip to $ipsec_gw
.Ed
.Sh FILES
.Bl -tag -width "/etc/authpf/authpf.conf" -compact