Source-Changes-HG archive


[src/trunk]: src/external/bsd/blacklist/bin Document the options as a list in...



details:   https://anonhg.NetBSD.org/src/rev/ddbe109521c2
branches:  trunk
changeset: 338699:ddbe109521c2
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Jun 04 16:01:09 2015 +0000

description:
Document the options as a list instead of embedded text.

diffstat:

 external/bsd/blacklist/bin/blacklistd.8 |  103 +++++++++++++++++++++++++------
 1 files changed, 81 insertions(+), 22 deletions(-)

diffs (148 lines):

diff -r e9d032ea66eb -r ddbe109521c2 external/bsd/blacklist/bin/blacklistd.8
--- a/external/bsd/blacklist/bin/blacklistd.8   Thu Jun 04 09:20:12 2015 +0000
+++ b/external/bsd/blacklist/bin/blacklistd.8   Thu Jun 04 16:01:09 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: blacklistd.8,v 1.12 2015/06/02 21:03:46 snj Exp $
+.\" $NetBSD: blacklistd.8,v 1.13 2015/06/04 16:01:09 christos Exp $
 .\"
 .\" Copyright (c) 2015 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 29, 2015
+.Dd June 4, 2015
 .Dt BLACKLISTD 8
 .Os
 .Sh NAME
@@ -90,7 +90,7 @@
 .Dq remove
 Then the same control script is invoked as:
 .Bd -literal -offset indent
-control add <rulename> <proto> <address> <mask> <port>
+control remove <rulename> <proto> <address> <mask> <port> <id>
 .Ed
 .Pp
 where
@@ -103,19 +103,6 @@
 maintains a database of known connections in
 .Ar dbfile .
 On startup it reads entries from that file, and updates its internal state.
-If the
-.Fl f
-flag is specified, then the database is truncated an all the rules named
-.Ar rulename
-are deleted by invoking the control script as:
-.Bd -literal -offset indent
-control flush <rulename>
-.Ed
-If the
-.Fl r
-flag is specified, the firewall rules are re-read from the internal database
-and are removed and re-added.
-This helps for packet filters that don't retain state across reboots.
 .Pp
 .Nm
 checks the list of active entries every
@@ -124,22 +111,94 @@
 .Dv 15 )
 and removes entries and block rules using the control program as necessary.
 .Pp
+.Pp
+The following options are available:
+.Bl -tag -width indent
+.It Fl C Ar controlprog
+Use
+.Ar controlprog
+to communicate with the packet filter, usually
+.Pa /libexec/blacklistd-helper .
+The following arguments are passed to the control program:
+.Bl -tag -width protocol indent
+.It action
+The action to perform: 
+.Dv add ,
+.Dv rem ,
+or
+.Dv flush 
+to add, remove or flush a firewall rule.
+.It name
+The rule name.
+.It protocol
+The optional protocol name (can be empty):
+.Dv tcp ,
+.Dv tcp6 ,
+.Dv udp ,
+.Dv udp6 .
+.It address
+The IPv4 or IPv6 numeric address to be blocked or released.
+.It mask
+The numeric mask to be applied to the blocked or released address
+.It port
+The optional numeric port to be blocked (can be empty).
+.It id
+For packet filters that support removal of rules by rule identifier, the
+identifier of the rule to be removed.
+The add command is expected to return the rule identifier string to stdout.
+.El
+.It Fl c Ar configuration
+The name of the configuration file to read, usually
+.Pa /etc/blacklistd.conf .
+.It Fl D Ar dbfile
+The Berkeley DB file where
+.Nm
+stores its state, usually
+.Pa /var/run/blacklistd.db .
+.It Fl d
 Normally,
 .Nm
-disassociates itself from the terminal and writes messages to
-.Xr syslogd 8 ,
-unless the
+disassociates itself from the terminal unless the
 .Fl d
 flag is specified, in which case it stays in the foreground.
-The
-.Fl v
-cases
+.It Fl f
+Truncate the state database and flush all the rules named
+.Ar rulename
+are deleted by invoking the control script as:
+.Bd -literal -offset indent
+control flush <rulename>
+.Ed
+.It Fl P Ar sockspathsfile
+A file containing a list of pathnames, one per line that
+.Nm
+will create sockets to listen to.
+This is useful for chrooted environments.
+.It Fl R Ar rulename
+Specify the default rule name for the packet filter rules, usually
+.Dv blacklistd .
+.It Fl r
+Re-read the firewall rules from the internal database, then
+remove and re-add them.
+This helps for packet filters that don't retain state across reboots.
+.It Fl s Ar sockpath
+Add
+.Ar sockpath
+to the list of Unix sockets
+.Nm
+listens to.
+.It Fl t Ar timeout
+The interval in seconds
+.Nm
+polls the state file to update the rules.
+.It Fl v
+Cause
 .Nm
 to print
 diagnostic messages to
 .Dv stdout
 instead of
 .Xr syslogd 8 .
+.El
 .Sh FILES
 .Bl -tag -width /libexec/blacklistd-helper -compact
 .It Pa /libexec/blacklistd-helper
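Review bot: the nested list under -C is opened with `.Bl -tag -width protocol indent`, but `-width` takes a single argument, so the trailing `indent` is a stray token; the intended form is `.Bl -tag -width protocol -offset indent`. In the -f item the sentence "Truncate the state database and flush all the rules named .Ar rulename are deleted by invoking the control script as:" still carries the verb from the paragraph removed in the previous hunk and does not parse; drop "are deleted" so it reads "...flush all the rules named .Ar rulename by invoking the control script as:". The `action` item documents the remove action as `.Dv rem`, while the invocation shown earlier in this file is `control remove <rulename> <proto> <address> <mask> <port> <id>`; one of the two names should be changed so the control program's documented arguments are consistent. Minor: the hunk adds a second `.Pp` directly after an existing `.Pp` (an empty paragraph), lines "The action to perform: " and ".Dv flush " have trailing whitespace, the mask description is missing its final period, and "one per line that" in the -P item wants a comma after "line".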


