author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-10-07 11:56:59 +0000 |
---|---|---|
committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2001-10-07 11:56:59 +0000 |
commit | 3c478011ad2d4c9495aa88a3e52e27d8fd464fe9 (patch) | |
tree | 3b045021bf793b3ad3ec9d96b758094985090249 /share/man | |
parent | 235f01ce50c57f39706729c8673c685f0a3b001b (diff) |
Add interface name to address translation to pfctl, document it and add
a regress test. Translation is done on rule set load-time only, so the
rule sets must be reloaded when an interface address changes.
parse.y patch from Cedric Berger. Similar patch from Jonathon Fletcher.
Thanks to both.
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/man5/nat.conf.5 | 16 |
-rw-r--r-- | share/man/man5/pf.conf.5 | 19 |
2 files changed, 29 insertions, 6 deletions
diff --git a/share/man/man5/nat.conf.5 b/share/man/man5/nat.conf.5 index e9c7fbb7ba6..bee513c1519 100644 --- a/share/man/man5/nat.conf.5 +++ b/share/man/man5/nat.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nat.conf.5,v 1.15 2001/10/05 14:45:54 mpech Exp $ +.\" $OpenBSD: nat.conf.5,v 1.16 2001/10/07 11:56:57 dhartmei Exp $ .\" .\" Copyright (c) 2001 Ian Darwin. All rights reserved. .\" @@ -88,9 +88,19 @@ Comments begin with the character `#'; empty lines are ignored. An .Em ifname is a network interface such as fxp4, ne0, or ep1. -An .Em address -is an IP address. +can be specified in CIDR notation (matching netblocks), as +symbolic host names or interface names. +Host name resolution and interface to address translation are done at rule +set load-time. +When the address of an interface (or host name) changes (by DHCP or PPP, +for instance), the rule set must be reloaded for the change to be reflected +in the kernel. +See +.Xr dhclient-script 8 +or +.Xr ppp 8 +for information on how to automate this task. If specified, .Em mask-bits refers to the number of bits in the netmask. diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 497e49179fa..3c93aadc269 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.20 2001/10/05 14:45:54 mpech Exp $ +.\" $OpenBSD: pf.conf.5,v 1.21 2001/10/07 11:56:57 dhartmei Exp $ .\" .\" Copyright (c) 2001, Daniel Hartmeier .\" All rights reserved. 
@@ -186,8 +186,21 @@ Common protocols used here are tcp, udp, icmp and ipv6-icmp. .Ss from <source> port <source> to <dest> port <dest> The rule applies only to packets with the specified source and destination addresses/ports. -Addresses can be specified in CIDR notation (matching netblocks) and ports -can be specified using these operators +.Pp +Addresses can be specified in CIDR notation (matching netblocks), as +symbolic host names or interface names. +Host name resolution and interface to address translation are done at +rule set load-time. +When the address of an interface (or host name) changes (by DHCP or PPP, +for instance), the rule set must be reloaded for the change to be reflected +in the kernel. +See +.Xr dhclient-script 8 +or +.Xr ppp 8 +for information on how to automate this task. +.Pp +Ports can be specified using these operators .Bd -literal = (equal), != (unequal), < (lesser), <= (lesser or equal), > (greater), >= (greater or equal), >< (range) and <> (except range). |
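Review bot: In the nat.conf.5 hunk (@@ -88,9 +88,19), removing the leading "An" while keeping ".Em address" as context leaves a sentence that opens with a bare lowercase "address can be specified in CIDR notation ..."; restore the article or use the plural "Addresses can be specified ..." as the pf.conf.5 text does. The added text also says only that the rule set "must be reloaded" after an interface or host name address changes; a sentence stating that the address resolved at load time stays in effect until then would make the consequence for translation rules explicit.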
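Review bot: The paragraph added in the pf.conf.5 hunk (@@ -186,8 +186,21) accepts "symbolic host names or interface names" in the same position but does not say which interpretation wins when a string is valid as both, nor what is loaded when a host name resolves to more than one address or cannot be resolved at load time; document the lookup order and those two cases. The paragraph is also a verbatim copy of the one added to nat.conf.5, so consider keeping the full text in one page and referring to it with .Xr from the other so the two cannot drift apart.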