diff options
| author | Kjell Wooding <kjell@cvs.openbsd.org> | 2001-06-27 21:54:48 +0000 |
|---|---|---|
| committer | Kjell Wooding <kjell@cvs.openbsd.org> | 2001-06-27 21:54:48 +0000 |
| commit | fcc5591aea277c51fb455f803b1009ea80b83cf5 (patch) | |
| tree | a36441888e53ac0c6e5ebe446963d23b54b851ba /sbin/pfctl | |
| parent | 6085276eadbcf41a663e940e66e961a9a18ffc3f (diff) | |
Change flag syntax
-Fs, -Fn, -Fr, -FS to flush states, nat rules, filter rules, stats
-ss, -sn, -sr, -sS to show them
-z goes away
Diffstat (limited to 'sbin/pfctl')
| -rw-r--r-- | sbin/pfctl/pfctl.8 | 59 | ||||
| -rw-r--r-- | sbin/pfctl/pfctl.c | 45 |
2 files changed, 48 insertions, 56 deletions
diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index acac1f15b67..cc1a2c5697f 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfctl.8,v 1.13 2001/06/27 11:01:11 kjell Exp $ +.\" $OpenBSD: pfctl.8,v 1.14 2001/06/27 21:54:46 kjell Exp $ .\" .\" Copyright (c) 2001 Kjell Wooding. All rights reserved. .\" @@ -37,14 +37,13 @@ .Nm .Op Fl d .Op Fl e -.Op Fl c Ar set +.Op Fl F Ar modifier .Op Fl l Ar interface -.Op Fl n Ar file -.Op Fl N -.Op Fl r Ar file -.Op Fl s Ar set +.Op Fl N Ar file +.Op Fl n +.Op Fl R Ar file +.Op Fl s Ar modifier .Op Fl v -.Op Fl z .Sh DESCRIPTION The .Nm @@ -85,46 +84,44 @@ The options are as follows: Disable the packet filter .It Fl e Enable the packet filter -.It Fl c Ar set -Clear one of the following sets: -.Bl -tag -width "states" -compact -.It Ar nat -Clear the NAT rules -.It Ar rules -Clear the filter rules -.It Ar states -Clear the state table (NAT and filter) +.It Fl F Ar modifier +Flush one of the following sets: +.Bl -tag -width "Fn" -compact +.It Fl "\Fn" +Flush the NAT rules +.It Fl "Fr" +Flush the filter rules +.It Fl "Fs" +Flush the state table (NAT and filter) +.It Fl "FS" +Flush (zero) the filter statistics .El .It Fl l Ar interface Enable collection of packet and byte count statistics for interface named .Ar interface . These statistics can be viewed with the -.Fl s Ar status -option. -.It Fl N +.Fl "sS" +flag. +.It Fl n Do not actually load rules -.It Fl n Ar file +.It Fl N Ar file Load a NAT rules file -.It Fl r Ar file +.It Fl R Ar file Load a filter rules file into the filter -.It Fl s Ar set +.It Fl s Ar modifier Show filter parameters. -.Ar set -is one of the following: -.Bl -tag -width "status" -compact -.It Ar nat +.Bl -tag -width "sn" -compact +.It Fl "sn" Show the currently loaded NAT rules -.It Ar rules +.It Fl "sr" Show the currently loaded packet filter rules -.It Ar states +.It Fl "ss" Show the contents of the state table -.It Ar status +.It Fl "sS" Show filter statistics .El .It Fl v Show rules as they are parsed -.It Fl z -Zero the filter statistics .El .Sh FILES .Bl -tag -width "/etc/nat.conf" -compact diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index edf7d442827..d5019787d3a 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfctl.c,v 1.21 2001/06/27 21:27:47 dhartmei Exp $ */ +/* $OpenBSD: pfctl.c,v 1.22 2001/06/27 21:54:47 kjell Exp $ */ /* * Copyright (c) 2001, Daniel Hartmeier @@ -51,7 +51,6 @@ #define PF_OPT_ENABLE 0x0002 #define PF_OPT_VERBOSE 0x0004 #define PF_OPT_NOACTION 0x0008 -#define PF_OPT_ZEROSTATS 0x0010 void usage(void); char *load_file(char *, size_t *); @@ -397,27 +396,27 @@ main(int argc, char *argv[]) if (argc < 2) usage(); - while ((ch = getopt(argc, argv, "c:dehl:Nn:r:s:vz")) != -1) { + while ((ch = getopt(argc, argv, "deF:hl:nN:R:s:v")) != -1) { switch (ch) { - case 'c': - clearopt = optarg; - break; case 'd': opts |= PF_OPT_DISABLE; break; case 'e': opts |= PF_OPT_ENABLE; break; + case 'F': + clearopt = optarg; + break; case 'l': logopt = optarg; break; - case 'N': + case 'n': opts |= PF_OPT_NOACTION; break; - case 'n': + case 'N': natopt = optarg; break; - case 'r': + case 'R': rulesopt = optarg; break; case 's': @@ -426,9 +425,6 @@ main(int argc, char *argv[]) case 'v': opts |= PF_OPT_VERBOSE; break; - case 'z': - opts |= PF_OPT_ZEROSTATS; - break; case 'h': default: usage(); @@ -444,22 +440,21 @@ main(int argc, char *argv[]) if (pfctl_disable(dev)) error = 1; - if (opts & PF_OPT_ZEROSTATS) - if (pfctl_clear_stats(dev)) - error = 1; - if (clearopt != NULL) { - if (!strcmp(clearopt, "rules")) { + if (!strcmp(clearopt, "r")) { if (pfctl_clear_rules(dev)) error = 1; - } else if (!strcmp(clearopt, "nat")) { + } else if (!strcmp(clearopt, "n")) { if (pfctl_clear_nat(dev)) error = 1; - } else if (!strcmp(clearopt, "states")) { + } else if (!strcmp(clearopt, "s")) { if (pfctl_clear_states(dev)) error = 1; + } else if (!strcmp (clearopt, "S")) { + if (pfctl_clear_stats(dev)) + error = 1; } else { - warnx("Unknown keyword '%s'", clearopt); + warnx("Unknown flush modifier '%s'", clearopt); error = 1; } } @@ -473,20 +468,20 @@ main(int argc, char *argv[]) error = 1; if (showopt != NULL) { - if (!strcmp(showopt, "rules")) { + if (!strcmp(showopt, "r")) { if (pfctl_show_rules(dev)) error = 1; - } else if (!strcmp(showopt, "nat")) { + } else if (!strcmp(showopt, "n")) { if (pfctl_show_nat(dev)) error = 1; - } else if (!strcmp(showopt, "states")) { + } else if (!strcmp(showopt, "s")) { if (pfctl_show_states(dev, 0)) error = 1; - } else if (!strcmp(showopt, "status")) { + } else if (!strcmp(showopt, "S")) { if (pfctl_show_status(dev)) error = 1; } else { - warnx("Unknown keyword '%s'", showopt); + warnx("Unknown show modifier '%s'", showopt); error = 1; } } |