summaryrefslogtreecommitdiff
path: root/sbin/pfctl/pfctl.8
diff options
context:
space:
mode:
authorMarco Pfatschbacher <mpf@cvs.openbsd.org>2005-05-22 21:05:24 +0000
committerMarco Pfatschbacher <mpf@cvs.openbsd.org>2005-05-22 21:05:24 +0000
commit9d406d5395219f58cb21c7af414f7ae3ff2f31cd (patch)
tree41d05240eecdf05e0bcb39972e1e223df29709f2 /sbin/pfctl/pfctl.8
parent1ab007e874cbeba337139155761f26c8f44c67c6 (diff)
Add support to kill states that match networks.
man page from jmc@ OK dhartmei@
Diffstat (limited to 'sbin/pfctl/pfctl.8')
-rw-r--r--sbin/pfctl/pfctl.849
1 files changed, 30 insertions, 19 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 9fdb00e361a..7569903ee19 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfctl.8,v 1.118 2005/01/05 23:41:45 jmc Exp $
+.\" $OpenBSD: pfctl.8,v 1.119 2005/05/22 21:05:23 mpf Exp $
.\"
.\" Copyright (c) 2001 Kjell Wooding. All rights reserved.
.\"
@@ -42,7 +42,7 @@
.Op Fl F Ar modifier
.Op Fl f Ar file
.Op Fl i Ar interface
-.Op Fl k Ar host
+.Op Fl k Ar host | network
.Op Fl p Ar device
.Op Fl s Ar modifier
.Oo Xo
@@ -138,8 +138,10 @@ rules from the main ruleset is described in
For example, the following will show all filter rules (see the
.Fl s
flag below) inside the anchor
-.Li authpf/smith(1234) ,
-which would have been created for user smith by
+.Dq authpf/smith(1234) ,
+which would have been created for user
+.Dq smith
+by
.Xr authpf 8 ,
PID 1234:
.Bd -literal -offset indent
@@ -215,29 +217,38 @@ Help.
.It Fl i Ar interface
Restrict the operation to the given
.Ar interface .
-.It Fl k Ar host
+.It Fl k Ar host | network
Kill all of the state entries originating from the specified
-.Ar host .
+.Ar host
+or
+.Ar network .
A second
.Fl k Ar host
+or
+.Fl k Ar network
option may be specified, which will kill all the state entries
-from the first
-.Ar host
-to the second
-.Ar host .
+from the first host/network to the second.
For example, to kill all of the state entries originating from
-.Li host :
-.Bd -literal -offset indent
-# pfctl -k host
-.Ed
+.Dq host :
+.Pp
+.Dl # pfctl -k host
.Pp
To kill all of the state entries from
-.Li host1
+.Dq host1
to
-.Li host2 :
-.Bd -literal -offset indent
-# pfctl -k host1 -k host2
-.Ed
+.Dq host2 :
+.Pp
+.Dl # pfctl -k host1 -k host2
+.Pp
+To kill all states originating from 192.168.1.0/24 to 172.16.0.0/16:
+.Pp
+.Dl # pfctl -k 192.168.1.0/24 -k 172.16.0.0/16
+.Pp
+A network prefix length of 0 can be used as a wildcard.
+To kill all states with the target
+.Dq host2 :
+.Pp
+.Dl # pfctl -k 0.0.0.0/0 -k host2
.It Fl m
Merge in explicitly given options without resetting those
which are omitted.