git: 5b9e1a3ac18a - stable/14 - ipf.5: revert C style(9) applied to man page
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 04 Nov 2024 15:56:35 UTC
The branch stable/14 has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=5b9e1a3ac18a3868b7594d6bba455dea29a29e7d commit 5b9e1a3ac18a3868b7594d6bba455dea29a29e7d Author: Graham Percival <gperciva@tarsnap.com> AuthorDate: 2024-09-24 17:11:33 +0000 Commit: Mitchell Horne <mhorne@FreeBSD.org> CommitDate: 2024-11-04 15:56:24 +0000 ipf.5: revert C style(9) applied to man page These changes were made by accident in: ipfilter: Adjust userland returns to conform to style(9) 2582ae5740181e0d2bab10003d66ae91c9b56329 That commit made similar mistakes in other man pages, but those have already been fixed. Signed-off-by: Graham Percival <gperciva@tarsnap.com> Reviewed by: mhorne Sponsored by: Tarsnap Backup Inc. Pull Request: https://github.com/freebsd/freebsd-src/pull/1433 (cherry picked from commit ce251baf42f32317b4b4ef60203d6f47204c47e9) --- sbin/ipf/ipf/ipf.5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sbin/ipf/ipf/ipf.5 b/sbin/ipf/ipf/ipf.5 index 79e6b2c45b05..8d2f6f58379b 100644 --- a/sbin/ipf/ipf/ipf.5 +++ b/sbin/ipf/ipf/ipf.5 @@ -223,7 +223,7 @@ To address this problem, a block rule can be qualified in two ways. The first of these is specific to TCP and instructs IPFilter to send back a reset (RST) packet. This packet indicates to the remote system that the packet it sent has been rejected and that it shouldn't make any further -attempts( to send packets to that port. Telling IPFilter to return a TCP); +attempts to send packets to that port. Telling IPFilter to return a TCP RST packet in response to something that has been received is achieved with the return-rst keyword like this: .PP @@ -239,18 +239,18 @@ For all of the other protocols handled by the IP protocol suite, to send back an error indicating that the received packet was dropped requires sending back an ICMP error packet. Whilst these can also be used for TCP, the sending host may not treat the received ICMP error as a hard error -in( the same way as it does the TCP RST packet. To return an ICMP error); +in the same way as it does the TCP RST packet. To return an ICMP error it is necessary to place return-icmp after the block keyword like this: .PP .nf block return-icmp in proto udp from any to 192.168.0.1/24 .fi .PP -When( electing to return an ICMP error packet, it is also possible to); +When electing to return an ICMP error packet, it is also possible to select what type of ICMP error is returned. Whilst the full compliment of ICMP unreachable codes can be used by specifying a number instead of the string below, only the following should be used in conjunction with -return-icmp.( Which return code to use is a choice to be made when); +return-icmp. Which return code to use is a choice to be made when weighing up the pro's and con's. Using some of the codes may make it more obvious that a firewall is being used rather than just the host not responding.