From fe7a30c7461b14f128123c224275ec4e05d88b53 Mon Sep 17 00:00:00 2001 From: Dmitry Smirnov Date: Sun, 2 Jun 2013 18:15:18 +1000 Subject: [PATCH] doc: lint man pages (hyphens and spelling) * hyphen-used-as-minus-sign * spelling-error-in-manpage --- extensions/libxt_DNETMAP.man | 34 +++++++++++++++--------------- extensions/libxt_geoip.man | 4 ++-- extensions/libxt_lscan.man | 2 +- extensions/pknock/libxt_pknock.man | 12 +++++------ geoip/xt_geoip_build.1 | 2 +- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/extensions/libxt_DNETMAP.man b/extensions/libxt_DNETMAP.man index 6b279e2..10c77ac 100644 --- a/extensions/libxt_DNETMAP.man +++ b/extensions/libxt_DNETMAP.man @@ -64,12 +64,12 @@ Removes binding with \fIIP\fR as prenat or postnat address. If removed binding is currently static, it'll make entry available for dynamic allocation. .TP echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR -Sets persistent flag for prefix. It's usefull if you don't want bindings to get +Sets persistent flag for prefix. It's useful if you don't want bindings to get flushed when firewall is restarted. You can check if prefix is persistent by printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR contents. .TP -echo "-persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR +echo "\-persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR Unsets persistent flag for prefix. In this mode prefix will be deleted if the last iptables rule for that prefix is removed. .TP @@ -90,7 +90,7 @@ using \fBdisable_log\fR module parameter. \fB1.\fR Map subnet 192.168.0.0/24 to subnets 20.0.0.0/26. SNAT only: -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26 Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26. If packet from not yet bound prenat-ip hits the rule and there are no free or timed-out @@ -101,10 +101,10 @@ bindings ttl value is regenerated to default_ttl and SNAT is performed. \fB2.\fR Use of \fB\-\-reuse\fR and \fB\-\-ttl\fR switches, multiple rule interaction: -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix -20.0.0.0/26 --reuse --ttl 200 +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix +20.0.0.0/26 \-\-reuse \-\-ttl 200 -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 30.0.0.0/26 +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 30.0.0.0/26 Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl = 200 seconds. If there are no free addresses in first prefix the next one @@ -117,9 +117,9 @@ If both subnets are exhaused, then chain traversal continues. \fB3.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 bidirectional way: -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26 -iptables -t nat -A PREROUTING -j DNETMAP +iptables \-t nat \-A PREROUTING \-j DNETMAP If host 192.168.0.10 generates some traffic, it gets bound to first free IP in subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to @@ -130,8 +130,8 @@ DNAT work for specific prefix only. \fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only: -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 ---static +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26 +\-\-static echo "+192.168.0.10:20.0.0.1" > /proc/net/xt_DNETMAP/20.0.0.0_26 .br @@ -145,12 +145,12 @@ using non-static entries. \fB5.\fR Persistent prefix: -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 ---persistent +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26 +\-\-persistent .br \fBor\fR .br -iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 +iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26 .br echo "+persistent" > /proc/net/xt_DNETMAP/20.0.0.0_26 @@ -162,11 +162,11 @@ cat /proc/net/xt_DNETMAP/20.0.0.0_26 Flush iptables nat table and see that prefix is still in existence: .br -iptables -F -t nat +iptables \-F \-t nat .br -ls -l /proc/net/xt_DNETMAP +ls \-l /proc/net/xt_DNETMAP .br --rw-r--r-- 1 root root 0 06-10 09:01 20.0.0.0_26 +\-rw\-r\-\-r\-\- 1 root root 0 06\-10 09:01 20.0.0.0_26 .br --rw-r--r-- 1 root root 0 06-10 09:01 20.0.0.0_26_stat +\-rw\-r\-\-r\-\- 1 root root 0 06\-10 09:01 20.0.0.0_26_stat . diff --git a/extensions/libxt_geoip.man b/extensions/libxt_geoip.man index fc966df..f5e71c7 100644 --- a/extensions/libxt_geoip.man +++ b/extensions/libxt_geoip.man @@ -15,8 +15,8 @@ with the source package, and which should be available in compiled packages in /usr/lib(exec)/xtables-addons/. The first command retrieves CSV files from MaxMind, while the other two build packed bisectable range files: .PP -mkdir -p /usr/share/xt_geoip; cd /tmp; $path/to/xt_geoip_dl; +mkdir \-p /usr/share/xt_geoip; cd /tmp; $path/to/xt_geoip_dl; .PP -$path/to/xt_geoip_build -D /usr/share/xt_geoip GeoIP*.csv; +$path/to/xt_geoip_build \-D /usr/share/xt_geoip GeoIP*.csv; .PP The shared library is hardcoded to look in these paths, so use them. diff --git a/extensions/libxt_lscan.man b/extensions/libxt_lscan.man index 4ec6ec0..e0408df 100644 --- a/extensions/libxt_lscan.man +++ b/extensions/libxt_lscan.man @@ -1,4 +1,4 @@ -Detects simple low-level scan attemps based upon the packet's contents. +Detects simple low-level scan attempts based upon the packet's contents. (This is different from other implementations, which also try to match the rate of new connections.) Note that an attempt is only discovered after it has been carried diff --git a/extensions/pknock/libxt_pknock.man b/extensions/pknock/libxt_pknock.man index c57d1c9..9ac361c 100644 --- a/extensions/pknock/libxt_pknock.man +++ b/extensions/pknock/libxt_pknock.man @@ -15,10 +15,10 @@ modprobe xt_pknock .PP Example 1 (TCP mode, manual closing of opened port not possible): .IP -iptables -P INPUT DROP +iptables \-P INPUT DROP .IP -iptables -A INPUT -p tcp -m pknock --knockports 4002,4001,4004 --strict ---name SSH --time 10 --autoclose 60 --dport 22 -j ACCEPT +iptables \-A INPUT \-p tcp \-m pknock \-\-knockports 4002,4001,4004 \-\-strict +\-\-name SSH \-\-time 10 \-\-autoclose 60 \-\-dport 22 \-j ACCEPT .PP The rule will allow tcp port 22 for the attempting IP address after the successful reception of TCP SYN packets to ports 4002, 4001 and 4004, in this order (a.k.a. port-knocking). @@ -33,10 +33,10 @@ Example 2 (UDP mode \(em non-replayable and non-spoofable, manual closing of opened port possible, secure, also called "SPA" = Secure Port Authorization): .IP -iptables -A INPUT -p udp -m pknock --knockports 4000 --name FTP ---opensecret foo --closesecret bar --autoclose 240 -j DROP +iptables \-A INPUT \-p udp \-m pknock \-\-knockports 4000 \-\-name FTP +\-\-opensecret foo \-\-closesecret bar \-\-autoclose 240 \-j DROP .IP -iptables -A INPUT -p tcp -m pknock --checkip --name FTP --dport 21 -j ACCEPT +iptables \-A INPUT \-p tcp \-m pknock \-\-checkip \-\-name FTP \-\-dport 21 \-j ACCEPT .PP The first rule will create an "ALLOWED" record in /proc/net/xt_pknock/FTP after the successful reception of an UDP packet to port 4000. The packet payload must be diff --git a/geoip/xt_geoip_build.1 b/geoip/xt_geoip_build.1 index 3118787..9e64fdd 100644 --- a/geoip/xt_geoip_build.1 +++ b/geoip/xt_geoip_build.1 @@ -29,7 +29,7 @@ Specify a target directory into which the files are to be put. .PP Shell commands to build the databases and put them to where they are expected: .PP -xt_geoip_build -D /usr/share/xt_geoip +xt_geoip_build \-D /usr/share/xt_geoip .SH See also .PP xt_geoip_dl(1)