authorRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-11-08 00:45:35 +0000
committerRyan Thomas McBride <mcbride@cvs.openbsd.org>2003-11-08 00:45:35 +0000
commitad889ed4b346cf23a293ccca7173155cb2c7b96b (patch)
tree4af13e1664679a08b0035b108a4deeec5a7f20c6 /share/man
parentf79d6110d197c3e4858e283591f7031205d91a53 (diff)
Add 'no-sync' state option to prevent state transition messages for states
created by this rule from appearing on the pfsync(4) interface.

e.g.
pass in proto tcp to self flags S/SA keep state (no-sync)

ok cedric@ henning@ dhartmei@
Diffstat (limited to 'share/man')
-rw-r--r--share/man/man4/pfsync.410
-rw-r--r--share/man/man5/pf.conf.59
2 files changed, 16 insertions, 3 deletions
diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4
index 21dd7d5412f..3eef718c34a 100644
--- a/share/man/man4/pfsync.4
+++ b/share/man/man4/pfsync.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pfsync.4,v 1.6 2003/06/06 10:29:41 jmc Exp $
+.\" $OpenBSD: pfsync.4,v 1.7 2003/11/08 00:45:33 mcbride Exp $
.\"
.\" Copyright (c) 2002 Michael Shalayeff
.\" All rights reserved.
@@ -43,6 +43,13 @@ for changes in the table by invoking
on the
.Nm
interface.
+States created by a rule marked with the
+.Ar no-sync
+keyword are ommited from the
+.Nm pfsync
+interface (see
+.Xr pf.conf 5
+for details).
.Pp
Each packet retrieved on this interface has a header associated
with it of length
@@ -71,6 +78,7 @@ struct pfsync_header {
.Xr inet6 4 ,
.Xr netintro 4 ,
.Xr pf 4 ,
+.Xr pf.conf 5 ,
.Xr ifconfig 8 ,
.Xr tcpdump 8
.Sh HISTORY
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index f963a1a0936..30cd869c3f9 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.277 2003/11/07 20:29:54 mcbride Exp $
+.\" $OpenBSD: pf.conf.5,v 1.278 2003/11/08 00:45:34 mcbride Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -1737,6 +1737,10 @@ support the following options:
Limits the number of concurrent states the rule may create.
When this limit is reached, further packets matching the rule that would
create state are dropped, until existing states time out.
+.It Ar no-sync
+Prevent state changes for states created by this rule from appearing on the
+.Xr pfsync 4
+interface.
.It Ar <timeout> <seconds>
Changes the timeout values used for states created by this rule.
For a list of all valid timeout names, see
@@ -2421,7 +2425,7 @@ tos = "tos" ( "lowdelay" | "throughput" | "reliability" |
[ "0x" ] number )
state-opts = state-opt [ [ "," ] state-opts ]
-state-opt = ( "max" number ) | ( timeout )
+state-opt = ( "max" number | "no-sync" | timeout )
fragmentation = [ "fragment reassemble" | "fragment crop" |
"fragment drop-ovl" ]
@@ -2478,6 +2482,7 @@ Example rulesets.
.Xr ip 4 ,
.Xr ip6 4 ,
.Xr pf 4 ,
+.Xr pfsync 4 ,
.Xr tcp 4 ,
.Xr udp 4 ,
.Xr hosts 5 ,