author millert <millert@openbsd.org> 1999-02-07 01:54:18 +0000
committer millert <millert@openbsd.org> 1999-02-07 01:54:18 +0000
commit 07acb9022af77551233d5a90add3bbe971280ad5
tree af6dc3bcb543af57a3dbfaa96ac68cf969ba6867
parent add usage() support using optreset
convert to mdoc
-rw-r--r-- sbin/ipf/ipf.8 186
1 files changed, 94 insertions, 92 deletions
diff --git a/sbin/ipf/ipf.8 b/sbin/ipf/ipf.8
index d3f46bd1795..ba97b173086 100644
--- a/sbin/ipf/ipf.8
+++ b/sbin/ipf/ipf.8
@@ -1,128 +1,130 @@
-.\" $OpenBSD: ipf.8,v 1.1 1999/02/07 00:48:29 deraadt Exp $
-.TH IPF 1
-.SH NAME
-ipf \- alters packet filtering lists for IP packet input and output
-.SH SYNOPSIS
-.B ipf
-[
-.B \-AdDEInorsUvyzZ
-] [
-.B \-l
-<block|pass|nomatch>
-] [
-.B \-F
-<i|o|a|s|S>
-]
-.B \-f
-<\fIfilename\fP>
-[
-.B \-f
-<\fIfilename\fP>
-[...]]
-.SH DESCRIPTION
-.PP
-\fBipf\fP opens the filenames listed (treating "\-" as stdin) and parses the
+.\" $OpenBSD: ipf.8,v 1.2 1999/02/07 01:54:18 millert Exp $
+.Dd February 6, 1999
+.Dt IPF 1
+.Os
+.Sh NAME
+.Nm ipf
+.Nd alters packet filtering lists for IP packet input and output
+.Sh SYNOPSIS
+.Nm ipf
+.Op Fl AdDEInorsUvyzZ
+.Op Fl l Ar block|pass|nomatch
+.Op Fl F Ar i|o|a|s|S
+.Fl f Ar filename
+.Op Fl f Ar filename ...
+.Sh DESCRIPTION
+.Pp
+.Nm
+opens the filenames listed (treating "\-" as stdin) and parses the
file for a set of rules which are to be added or removed from the packet
filter rule set.
-.PP
-Each rule processed by \fBipf\fP
+.Pp
+Each rule processed by
+.Nm
is added to the kernel's internal lists if there are no parsing problems.
Rules are added to the end of the internal lists, matching the order in
-which they appear when given to \fBipf\fP.
-.SH OPTIONS
-.TP
-.B \-A
+which they appear when given to
+.Nm ipf .
+.Sh OPTIONS
+.Bl -tag -width Ds
+.It Fl A
Set the list to make changes to the active list (default).
-.TP
-.B \-d
+.It Fl d
Turn debug mode on. Causes a hexdump of filter rules to be generated as
it processes each one.
-.TP
-.B \-D
+.It Fl D
Disable the filter (if enabled). Not effective for loadable kernel versions.
-.TP
-.B \-E
+.It Fl E
Enable the filter (if disabled). Not effective for loadable kernel versions.
-.TP
-.BR \-F \0<i|o|a>
+.It Fl F Ar i|o|a
This option specifies which filter list to flush. The parameter should
either be "i" (input), "o" (output) or "a" (remove all filter rules).
Either a single letter or an entire word starting with the appropriate
letter maybe used. This option maybe before, or after, any other with
the order on the command line being that used to execute options.
-.TP
-.BR \-F \0<s|S>
-To flush entries from the state table, the \fB-F\fP option is used in
-conjuction with either "s" (removes state information about any non-fully
+.It Fl F Ar s|S
+To flush entries from the state table, the
+.Fl -F
+option is used in
+conjunction with either "s" (removes state information about any non-fully
established connections) or "S" (deletes the entire state table). Only
one of the two options may be given. A fully established connection
-will show up in \fBipfstat -s\fP output as 4/4, with deviations either
-way indicating it is not fully established any more.
-.TP
-.BR \-f \0<filename>
+will show up in
+.Li ipfstat -s
+output as 4/4, with deviations either way indicating it is not
+fully established any more.
+.It Fl f Ar filename
This option specifies which files
-\fBipf\fP should use to get input from for modifying the packet filter rule
-lists.
-.TP
-.B \-I
+.Nm
+should use to get input from for modifying the packet filter rule lists.
+.It Fl I
Set the list to make changes to the inactive list.
-.TP
-.B \-l \0<pass|block|nomatch>
-Use of the \fB-l\fP flag toggles default logging of packets. Valid
-arguments to this option are \fBpass\fP, \fBblock\fP and \fBnomatch\fP.
+.It Fl l Ar pass|block|nomatch
+Use of the
+.Fl l
+flag toggles default logging of packets. Valid arguments to this option are
+.Ar pass ,
+.Ar block
+and
+.Ar nomatch .
When an option is set, any packet which exits filtering and matches the
set category is logged. This is most useful for causing all packets
which don't match any of the loaded rules to be logged.
-.TP
-.B \-n
-This flag (no-change) prevents \fBipf\fP from actually making any ioctl
-calls or doing anything which would alter the currently running kernel.
-.TP
-.B \-o
+.It Fl n
+This flag (no-change) prevents
+.Nm
+from actually making any ioctl calls or doing anything which would
+alter the currently running kernel.
+.It Fl o
Force rules by default to be added/deleted to/from the output list, rather
than the (default) input list.
-.TP
-.B \-r
+.It Fl r
Remove matching filter rules rather than add them to the internal lists
-.TP
-.B \-s
+.It Fl s
Swap the active filter list in use to be the "other" one.
-.TP
-.B \-U
-(SOLARIS 2 ONLY) Block packets travelling along the data stream which aren't
-recognised as IP packets. They will be printed out on the console.
-.TP
-.B \-v
+.It Fl U
+(SOLARIS 2 ONLY) Block packets traveling along the data stream which aren't
+recognized as IP packets. They will be printed out on the console.
+.It Fl v
Turn verbose mode on. Displays information relating to rule processing.
-.TP
-.B \-y
+.It Fl y
Manually resync the in-kernel interface list maintained by IP Filter with
the current interface status list.
-.TP
-.B \-z
+.It Fl z
For each rule in the input file, reset the statistics for it to zero and
display the statistics prior to them being zeroed.
-.TP
-.B \-Z
+.It Fl Z
Zero global statistics held in the kernel for filtering only (this doesn't
affect fragment or state statistics).
-.DT
-.SH FILES
-\fI/usr/share/ipf\fP -- sample configuration files.
-.br
-/dev/ipauth
-.br
-/dev/ipl
-.br
-/dev/ipstate
-.SH SEE ALSO
-ipftest(1), ipnat(1), ipf(4), ipl(4), ipnat(4), ipf(5), ipnat(5), ipfstat(8), ipmon(8)
+.Sh FILES
+.Bl -tag -width /usr/share/ipf -compact
+.It Pa /usr/share/ipf
+Location of sample configuration files
+.It Pa /dev/ipauth
+Name of the
+.Nm
+auth socket
+.It Pa /dev/ipl
+Name of the
+.Nm
+logging socket
+.It Pa /dev/ipstate
+Name of the
+.Nm
+state socket
+.Sh SEE ALSO
+.Xr ipftest 1 ,
+.Xr ipnat 1 ,
+.Xr ipf 4 ,
+.Xr ipl 4 ,
+.Xr ipnat 4 ,
+.Xr ipf 5 ,
+.Xr ipfstat 8 ,
+.Xr ipmon 8
.br
http://coombs.anu.edu.au/ipfilter/
-.SH DIAGNOSTICS
-.PP
+.Sh DIAGNOSTICS
Needs to be run as root for the packet filtering lists to actually
be affected inside the kernel.
-.SH BUGS
-.PP
-If you find any, please send email to me at darrenr@pobox.com
+.Sh BUGS
+If you find any, please send email to me at darrenr@pobox.com.
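Review bot: In the `-F s|S` item, `.Fl -F` will render with a doubled dash because `.Fl` already supplies the leading one; it should read `.Fl F`, as the `-l` item does with `.Fl l`. Both `.Bl -tag` lists (OPTIONS and FILES) run straight into the next `.Sh` with no closing `.El`, so one is needed before `.Sh FILES` and another before `.Sh SEE ALSO`. The SEE ALSO conversion also drops the `ipnat(5)` reference that the old line carried between `ipf(5)` and `ipfstat(8)`; add `.Xr ipnat 5 ,` back. Two smaller points to confirm: `.Dt IPF 1` carries over the old `.TH IPF 1` although the file is ipf.8, and the new FILES descriptions call the /dev entries sockets, which is wording the old page did not contain.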