author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-11-08 00:45:35 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2003-11-08 00:45:35 +0000 |
commit | ad889ed4b346cf23a293ccca7173155cb2c7b96b (patch) | |
tree | 4af13e1664679a08b0035b108a4deeec5a7f20c6 /share/man | |
parent | f79d6110d197c3e4858e283591f7031205d91a53 (diff) |
Add 'no-sync' state option to prevent state transition messages for states
created by this rule from appearing on the pfsync(4) interface. e.g.
pass in proto tcp to self flags S/SA keep state (no-sync)
ok cedric@ henning@ dhartmei@
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/man4/pfsync.4 | 10 | ||||
-rw-r--r-- | share/man/man5/pf.conf.5 | 9 |
2 files changed, 16 insertions, 3 deletions
diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index 21dd7d5412f..3eef718c34a 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfsync.4,v 1.6 2003/06/06 10:29:41 jmc Exp $ +.\" $OpenBSD: pfsync.4,v 1.7 2003/11/08 00:45:33 mcbride Exp $ .\" .\" Copyright (c) 2002 Michael Shalayeff .\" All rights reserved. @@ -43,6 +43,13 @@ for changes in the table by invoking on the .Nm interface. +States created by a rule marked with the +.Ar no-sync +keyword are ommited from the +.Nm pfsync +interface (see +.Xr pf.conf 5 +for details). .Pp Each packet retrieved on this interface has a header associated with it of length @@ -71,6 +78,7 @@ struct pfsync_header { .Xr inet6 4 , .Xr netintro 4 , .Xr pf 4 , +.Xr pf.conf 5 , .Xr ifconfig 8 , .Xr tcpdump 8 .Sh HISTORY diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index f963a1a0936..30cd869c3f9 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.277 2003/11/07 20:29:54 mcbride Exp $ +.\" $OpenBSD: pf.conf.5,v 1.278 2003/11/08 00:45:34 mcbride Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -1737,6 +1737,10 @@ support the following options: Limits the number of concurrent states the rule may create. When this limit is reached, further packets matching the rule that would create state are dropped, until existing states time out. +.It Ar no-sync +Prevent state changes for states created by this rule from appearing on the +.Xr pfsync 4 +interface. .It Ar <timeout> <seconds> Changes the timeout values used for states created by this rule. For a list of all valid timeout names, see 
@@ -2421,7 +2425,7 @@ tos = "tos" ( "lowdelay" | "throughput" | "reliability" | [ "0x" ] number ) state-opts = state-opt [ [ "," ] state-opts ] -state-opt = ( "max" number ) | ( timeout ) +state-opt = ( "max" number | "no-sync" | timeout ) fragmentation = [ "fragment reassemble" | "fragment crop" | "fragment drop-ovl" ] @@ -2478,6 +2482,7 @@ Example rulesets. .Xr ip 4 , .Xr ip6 4 , .Xr pf 4 , +.Xr pfsync 4 , .Xr tcp 4 , .Xr udp 4 , .Xr hosts 5 , |
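Review bot: "ommited" in the sentence added to pfsync.4 (hunk @@ -43,6 +43,13 @@) is misspelled and should read "omitted". In the same addition, `.Nm pfsync` spells out the name where the unchanged context line just above it uses bare `.Nm`; dropping the argument would match the surrounding text.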
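Review bot: The new `.It Ar no-sync` entry in pf.conf.5 (hunk @@ -1737,6 +1737,10 @@) says the option prevents "state changes" from appearing on the pfsync(4) interface, while the pfsync.4 text added in this same commit says such states are omitted from the interface and the commit message speaks of "state transition messages". Use one wording on both pages so a reader can tell whether the initial creation of the state is suppressed as well as later updates. The rule quoted in the commit message, pass in proto tcp to self flags S/SA keep state (no-sync), would also be worth carrying into the man page, since the entry does not show where the keyword goes in a rule.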