doc: lint man pages (hyphens and spelling)

* hyphen-used-as-minus-sign
* spelling-error-in-manpage
Dmitry Smirnov
2013-06-02 18:15:18 +10:00
committed by Jan Engelhardt
parent d582cc04df
commit fe7a30c746
5 changed files with 27 additions and 27 deletions

@@ -64,12 +64,12 @@ Removes binding with \fIIP\fR as prenat or postnat address. If removed binding
is currently static, it'll make entry available for dynamic allocation. is currently static, it'll make entry available for dynamic allocation.
.TP .TP
echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
Sets persistent flag for prefix. It's usefull if you don't want bindings to get Sets persistent flag for prefix. It's useful if you don't want bindings to get
flushed when firewall is restarted. You can check if prefix is persistent by flushed when firewall is restarted. You can check if prefix is persistent by
printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR
contents. contents.
.TP .TP
echo "-persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR echo "\-persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
Unsets persistent flag for prefix. In this mode prefix will be deleted if the Unsets persistent flag for prefix. In this mode prefix will be deleted if the
last iptables rule for that prefix is removed. last iptables rule for that prefix is removed.
.TP .TP
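Review bot: the two echo lines still set subnet_mask entirely in bold (\fB...\fR), so it reads as a literal file name, while the _stat path in the same hunk marks subnet and mask as italic placeholders (\fIsubnet\fR\fB_\fR\fImask\fR). Since the "\-persistent" line is being touched anyway, use the same italic markup there and on the "+persistent" line so readers do not try to write to a file literally named subnet_mask.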
@@ -90,7 +90,7 @@ using \fBdisable_log\fR module parameter.
\fB1.\fR Map subnet 192.168.0.0/24 to subnets 20.0.0.0/26. SNAT only: \fB1.\fR Map subnet 192.168.0.0/24 to subnets 20.0.0.0/26. SNAT only:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26. If packet Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26. If packet
from not yet bound prenat-ip hits the rule and there are no free or timed-out from not yet bound prenat-ip hits the rule and there are no free or timed-out
@@ -101,10 +101,10 @@ bindings ttl value is regenerated to default_ttl and SNAT is performed.
\fB2.\fR Use of \fB\-\-reuse\fR and \fB\-\-ttl\fR switches, multiple rule \fB2.\fR Use of \fB\-\-reuse\fR and \fB\-\-ttl\fR switches, multiple rule
interaction: interaction:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix
20.0.0.0/26 --reuse --ttl 200 20.0.0.0/26 \-\-reuse \-\-ttl 200
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 30.0.0.0/26 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 30.0.0.0/26
Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl = Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl =
200 seconds. If there are no free addresses in first prefix the next one 200 seconds. If there are no free addresses in first prefix the next one
@@ -117,9 +117,9 @@ If both subnets are exhaused, then chain traversal continues.
\fB3.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 bidirectional way: \fB3.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 bidirectional way:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
iptables -t nat -A PREROUTING -j DNETMAP iptables \-t nat \-A PREROUTING \-j DNETMAP
If host 192.168.0.10 generates some traffic, it gets bound to first free IP in If host 192.168.0.10 generates some traffic, it gets bound to first free IP in
subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to
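Review bot: the spelling pass misses "exhaused" in the sentence directly above this hunk (visible in the hunk header, "If both subnets are exhaused"); it should read "exhausted" and belongs in this commit. In the last context line, "subnet - 20.0.0.0" uses a bare hyphen as a dash in running text; \(en or a reworded sentence would settle it.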
@@ -130,8 +130,8 @@ DNAT work for specific prefix only.
\fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only: \fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
--static \-\-static
echo "+192.168.0.10:20.0.0.1" > /proc/net/xt_DNETMAP/20.0.0.0_26 echo "+192.168.0.10:20.0.0.1" > /proc/net/xt_DNETMAP/20.0.0.0_26
.br .br
@@ -145,12 +145,12 @@ using non-static entries.
\fB5.\fR Persistent prefix: \fB5.\fR Persistent prefix:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
--persistent \-\-persistent
.br .br
\fBor\fR \fBor\fR
.br .br
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26 iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
.br .br
echo "+persistent" > /proc/net/xt_DNETMAP/20.0.0.0_26 echo "+persistent" > /proc/net/xt_DNETMAP/20.0.0.0_26
@@ -162,11 +162,11 @@ cat /proc/net/xt_DNETMAP/20.0.0.0_26
Flush iptables nat table and see that prefix is still in existence: Flush iptables nat table and see that prefix is still in existence:
.br .br
iptables -F -t nat iptables \-F \-t nat
.br .br
ls -l /proc/net/xt_DNETMAP ls \-l /proc/net/xt_DNETMAP
.br .br
-rw-r--r-- 1 root root 0 06-10 09:01 20.0.0.0_26 \-rw\-r\-\-r\-\- 1 root root 0 06\-10 09:01 20.0.0.0_26
.br .br
-rw-r--r-- 1 root root 0 06-10 09:01 20.0.0.0_26_stat \-rw\-r\-\-r\-\- 1 root root 0 06\-10 09:01 20.0.0.0_26_stat
. .

@@ -15,8 +15,8 @@ with the source package, and which should be available in compiled packages in
/usr/lib(exec)/xtables-addons/. The first command retrieves CSV files from /usr/lib(exec)/xtables-addons/. The first command retrieves CSV files from
MaxMind, while the other two build packed bisectable range files: MaxMind, while the other two build packed bisectable range files:
.PP .PP
mkdir -p /usr/share/xt_geoip; cd /tmp; $path/to/xt_geoip_dl; mkdir \-p /usr/share/xt_geoip; cd /tmp; $path/to/xt_geoip_dl;
.PP .PP
$path/to/xt_geoip_build -D /usr/share/xt_geoip GeoIP*.csv; $path/to/xt_geoip_build \-D /usr/share/xt_geoip GeoIP*.csv;
.PP .PP
The shared library is hardcoded to look in these paths, so use them. The shared library is hardcoded to look in these paths, so use them.
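Review bot: the first example line still has the reader "cd /tmp" and run the downloader there, so the CSV files retrieved from MaxMind land in a world-writable directory before xt_geoip_build picks them up with GeoIP*.csv. As the line is being edited anyway, consider pointing the example at a private working directory (for instance one created with mktemp -d). Separately, the literal path /usr/lib(exec)/xtables-addons/ in the leading context keeps its bare hyphen, which is inconsistent with escaping the hyphens in the commands below it.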

@@ -1,4 +1,4 @@
Detects simple low-level scan attemps based upon the packet's contents. Detects simple low-level scan attempts based upon the packet's contents.
(This is (This is
different from other implementations, which also try to match the rate of new different from other implementations, which also try to match the rate of new
connections.) Note that an attempt is only discovered after it has been carried connections.) Note that an attempt is only discovered after it has been carried

@@ -15,10 +15,10 @@ modprobe xt_pknock
.PP .PP
Example 1 (TCP mode, manual closing of opened port not possible): Example 1 (TCP mode, manual closing of opened port not possible):
.IP .IP
iptables -P INPUT DROP iptables \-P INPUT DROP
.IP .IP
iptables -A INPUT -p tcp -m pknock --knockports 4002,4001,4004 --strict iptables \-A INPUT \-p tcp \-m pknock \-\-knockports 4002,4001,4004 \-\-strict
--name SSH --time 10 --autoclose 60 --dport 22 -j ACCEPT \-\-name SSH \-\-time 10 \-\-autoclose 60 \-\-dport 22 \-j ACCEPT
.PP .PP
The rule will allow tcp port 22 for the attempting IP address after the successful reception of TCP SYN packets The rule will allow tcp port 22 for the attempting IP address after the successful reception of TCP SYN packets
to ports 4002, 4001 and 4004, in this order (a.k.a. port-knocking). to ports 4002, 4001 and 4004, in this order (a.k.a. port-knocking).
@@ -33,10 +33,10 @@ Example 2 (UDP mode \(em non-replayable and non-spoofable, manual closing
of opened port possible, secure, also called "SPA" = Secure Port of opened port possible, secure, also called "SPA" = Secure Port
Authorization): Authorization):
.IP .IP
iptables -A INPUT -p udp -m pknock --knockports 4000 --name FTP iptables \-A INPUT \-p udp \-m pknock \-\-knockports 4000 \-\-name FTP
--opensecret foo --closesecret bar --autoclose 240 -j DROP \-\-opensecret foo \-\-closesecret bar \-\-autoclose 240 \-j DROP
.IP .IP
iptables -A INPUT -p tcp -m pknock --checkip --name FTP --dport 21 -j ACCEPT iptables \-A INPUT \-p tcp \-m pknock \-\-checkip \-\-name FTP \-\-dport 21 \-j ACCEPT
.PP .PP
The first rule will create an "ALLOWED" record in /proc/net/xt_pknock/FTP after The first rule will create an "ALLOWED" record in /proc/net/xt_pknock/FTP after
the successful reception of an UDP packet to port 4000. The packet payload must be the successful reception of an UDP packet to port 4000. The packet payload must be
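Review bot: on the "\-\-opensecret foo \-\-closesecret bar" line the example secrets are set as plain literal text, and example rules tend to be copied verbatim; marking them as placeholders (e.g. \fIopensecret\fR and \fIclosesecret\fR in italics) would make it clear they must be replaced. The trailing context also still reads "an UDP packet", which a spelling and grammar pass could change to "a UDP packet".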

@@ -29,7 +29,7 @@ Specify a target directory into which the files are to be put.
.PP .PP
Shell commands to build the databases and put them to where they are expected: Shell commands to build the databases and put them to where they are expected:
.PP .PP
xt_geoip_build -D /usr/share/xt_geoip xt_geoip_build \-D /usr/share/xt_geoip
.SH See also .SH See also
.PP .PP
xt_geoip_dl(1) xt_geoip_dl(1)
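Review bot: ".SH See also" in the trailing context is left in mixed case; man page section headings are conventionally upper case (".SH SEE ALSO"), and a lint commit is a natural place to fix that. Also worth checking: this example runs xt_geoip_build with only "\-D /usr/share/xt_geoip", while the other man page touched in this commit passes GeoIP*.csv as well; if both forms are valid a short remark would help, otherwise the two examples should agree.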