author | 2006-10-23 07:05:49 +0000 | |
---|---|---|
committer | 2006-10-23 07:05:49 +0000 | |
commit | 8605b7ebee56f7b8581cfdcf4b46343d7433a16b (patch) | |
tree | 84be4ece80f2c5601a509cb7a51f1aaae9427adc | |
parent | remove trailing space; (diff) | |
no need to use "keep state" and "flags S/SA" in pf rules,
now that it is the default;
ok henning mcbride camield (ftp-proxy bits) deraadt
-rw-r--r-- | libexec/spamlogd/spamlogd.8 | 6 |
-rw-r--r-- | sbin/brconfig/brconfig.8 | 4 |
-rw-r--r-- | sbin/pfctl/pfctl.8 | 4 |
-rw-r--r-- | share/man/man4/pfsync.4 | 4 |
-rw-r--r-- | usr.sbin/authpf/authpf.8 | 14 |
-rw-r--r-- | usr.sbin/ftp-proxy/ftp-proxy.8 | 10 |
6 files changed, 20 insertions, 22 deletions
diff --git a/libexec/spamlogd/spamlogd.8 b/libexec/spamlogd/spamlogd.8 index ffbdadbb8e6..aa4a9f279d7 100644 --- a/libexec/spamlogd/spamlogd.8 +++ b/libexec/spamlogd/spamlogd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: spamlogd.8,v 1.4 2004/07/14 21:38:09 jmc Exp $ +.\" $OpenBSD: spamlogd.8,v 1.5 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 2004 Bob Beck. All rights reserved. .\" @@ -82,9 +82,9 @@ configuration for logging such connections is as follows: EXT_IF = "fxp0" MAILHOSTS = "{129.128.11.10, 129.128.11.43}" pass in log on $EXT_IF inet proto tcp to $MAILHOSTS \e - port smtp keep state + port smtp pass out log on $EXT_IF inet proto tcp from $MAILHOSTS \e - to any port smtp keep state + to any port smtp .Ed .Pp .Nm diff --git a/sbin/brconfig/brconfig.8 b/sbin/brconfig/brconfig.8 index 6e193becadc..a311492f5b5 100644 --- a/sbin/brconfig/brconfig.8 +++ b/sbin/brconfig/brconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: brconfig.8,v 1.58 2006/07/25 12:45:08 jmc Exp $ +.\" $OpenBSD: brconfig.8,v 1.59 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 1999-2001 Jason L. Wright (jason@thought.net) .\" All rights reserved. @@ -334,7 +334,7 @@ An example .Xr pf.conf 5 rule using this tag is: .Pp -.Dl pass tagged boss keep state queue q_med +.Dl pass tagged boss queue q_med .Sh IPSEC BRIDGE The bridge can also be used to tunnel Ethernet frames over IPv4 or IPv6 by using the diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8 index 14394b677de..cf7d4f56613 100644 --- a/sbin/pfctl/pfctl.8 +++ b/sbin/pfctl/pfctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfctl.8,v 1.121 2006/06/09 15:20:03 jmc Exp $ +.\" $OpenBSD: pfctl.8,v 1.122 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 2001 Kjell Wooding. All rights reserved. .\" 
@@ -473,7 +473,7 @@ The following commands configure the firewall and send 10 pings to the FTP server: .Bd -literal -offset indent # printf "table <test> { ftp.openbsd.org }\en \e - pass out to <test> keep state\en" | pfctl -f- + pass out to <test>\en" | pfctl -f- # ping -qc10 ftp.openbsd.org .Ed .Pp diff --git a/share/man/man4/pfsync.4 b/share/man/man4/pfsync.4 index 4ef7873fa55..43f13b2f30c 100644 --- a/share/man/man4/pfsync.4 +++ b/share/man/man4/pfsync.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pfsync.4,v 1.23 2005/08/09 09:55:41 jmc Exp $ +.\" $OpenBSD: pfsync.4,v 1.24 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 2002 Michael Shalayeff .\" Copyright (c) 2003-2004 Ryan McBride @@ -200,7 +200,7 @@ The following should be added to the top of .Pa /etc/pf.conf : .Bd -literal -offset indent pass quick on { sis2 } proto pfsync -pass on { sis0 sis1 } proto carp keep state +pass on { sis0 sis1 } proto carp .Ed .Pp If it is preferable that one firewall handle the traffic, diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8 index 5a15b8c8e07..cb0da369ccc 100644 --- a/usr.sbin/authpf/authpf.8 +++ b/usr.sbin/authpf/authpf.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: authpf.8,v 1.41 2006/01/07 16:42:16 jmc Exp $ +.\" $OpenBSD: authpf.8,v 1.42 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>. All rights reserved. .\" @@ -427,8 +427,7 @@ TCP connections. external_if = "xl0" internal_if = "fxp0" -pass in log quick on $internal_if proto tcp from $user_ip to any \e - keep state +pass in log quick on $internal_if proto tcp from $user_ip to any pass in quick on $internal_if from $user_ip to any .Ed .Pp 
@@ -448,11 +447,10 @@ rdr on $internal_if proto tcp from $user_ip to any port 21 \e # allow out ftp, ssh, www and https only, and allow user to negotiate # ipsec with the ipsec server. pass in log quick on $internal_if proto tcp from $user_ip to any \e - port { 21, 22, 80, 443 } flags S/SA + port { 21, 22, 80, 443 } pass in quick on $internal_if proto tcp from $user_ip to any \e port { 21, 22, 80, 443 } -pass in quick proto udp from $user_ip to $ipsec_gw port = isakmp \e - keep state +pass in quick proto udp from $user_ip to $ipsec_gw port = isakmp pass in quick proto esp from $user_ip to $ipsec_gw .Ed .Pp @@ -467,7 +465,7 @@ int_if = "fxp0" # nat and tag connections... nat on $ext_if from $user_ip to any tag $user_ip -> $ext_addr pass in quick on $int_if from $user_ip to any -pass out log quick on $ext_if tagged $user_ip keep state +pass out log quick on $ext_if tagged $user_ip .Ed .Pp With the above rules added by @@ -493,7 +491,7 @@ lines will give SMTP and IMAP access to logged in users: .Bd -literal table <authpf_users> persist pass in on $ext_if proto tcp from <authpf_users> \e - to port { smtp imap } keep state + to port { smtp imap } .Ed .Pp It is also possible to use the "authpf_users" diff --git a/usr.sbin/ftp-proxy/ftp-proxy.8 b/usr.sbin/ftp-proxy/ftp-proxy.8 index 9c038b44c4b..c9bb9c54125 100644 --- a/usr.sbin/ftp-proxy/ftp-proxy.8 +++ b/usr.sbin/ftp-proxy/ftp-proxy.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ftp-proxy.8,v 1.5 2006/08/30 06:30:00 camield Exp $ +.\" $OpenBSD: ftp-proxy.8,v 1.6 2006/10/23 07:05:49 jmc Exp $ .\" .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl> .\" 
@@ -64,16 +64,16 @@ In case of active mode (PORT or EPRT): .Bd -literal -offset 2n rdr from $server to $proxy port $port -> $client pass quick inet proto tcp \e - from $server to $client port $port flags S/SAFR keep state + from $server to $client port $port .Ed .Pp In case of passive mode (PASV or EPSV): .Bd -literal -offset 2n nat from $client to $server port $port -> $proxy pass in quick inet proto tcp \e - from $client to $server port $port flags S/SAFR keep state + from $client to $server port $port pass out quick inet proto tcp \e - from $proxy to $server port $port flags S/SAFR keep state + from $proxy to $server port $port .Ed .Pp The options are as follows: @@ -157,7 +157,7 @@ rdr pass on $int_if proto tcp from $lan to any port 21 -> \e In the rule section: .Bd -literal -offset 2n anchor "ftp-proxy/*" -pass out proto tcp from $proxy to any port 21 keep state +pass out proto tcp from $proxy to any port 21 .Ed .Sh SEE ALSO .Xr ftp 1 , |
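Review bot: In libexec/spamlogd/spamlogd.8, hunk @@ -82,9 +82,9 @@, the logging example now depends on a default that the text never mentions. On a pf that does not keep state by default, the same two "pass ... log" rules are stateless and log every matching packet rather than one entry per connection, which changes what spamlogd sees. Add a sentence after the example saying the rules rely on pf keeping state by default, with a reference to pf.conf(5).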
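Review bot: In share/man/man4/pfsync.4, hunk @@ -200,7 +200,7 @@, the unchanged context line "pass quick on { sis2 } proto pfsync" never carried "keep state", so under the new default it changes from stateless to stateful although the diff only touches the carp rule. The same applies to the untouched "pass in quick on $internal_if from $user_ip to any" and "pass in quick proto esp from $user_ip to $ipsec_gw" lines in authpf.8. Say whether that is intended; any rule that should stay stateless now needs an explicit "no state".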
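Review bot: In usr.sbin/authpf/authpf.8, hunk @@ -448,11 +447,10 @@, dropping "flags S/SA" from the first "pass in log quick ... port { 21, 22, 80, 443 }" rule leaves it identical to the rule that follows except for "log". Since the first rule is "quick", the second can no longer match anything. Before this change the first rule matched only the opening SYN and the second passed the rest of the connection; with state kept by default the second rule is dead and should be removed from the example.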
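Review bot: In usr.sbin/ftp-proxy/ftp-proxy.8, hunk @@ -64,16 +64,16 @@, the three removed lines carried "flags S/SAFR", not the "flags S/SA" that the commit message names as the default, so this is a change to the documented rules and not only the removal of redundant keywords. S/SAFR additionally requires FIN and RST to be clear, which the default mask does not check. If these blocks document the rules the daemon itself inserts, either keep "flags S/SAFR" in the text or confirm that the inserted rules were changed to match.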