update.

usr.sbin/npf/npfctl/npf.conf.5

@@ -1,6 +1,6 @@
-.\"	$NetBSD: npf.conf.5,v 1.6 2011/11/29 01:12:09 riz Exp $
+.\"    $NetBSD: npf.conf.5,v 1.7 2012/01/08 22:14:55 christos Exp $
 .\"
-.\" Copyright (c) 2009-2011 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This material is based upon work partially supported by The
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 22, 2011
+.Dd January 6, 2012
 .Dt NPF.CONF 5
 .Os
 .Sh NAME
@@ -141,7 +141,7 @@ rdr		= "rdr" iface filt-opts "->" \*[Lt]addr\*[Gt] port-opts
 
 rproc		= "procedure" \*[Lt]name\*[Gt] procs
 procs		= "{" op1 \*[Lt]newline\*[Gt], op2 \*[Lt]newline\*[Gt], ... "}"
-op		= ( "log" iface | "normalize" "(" norm-opt1 "," norm-opt2 ... ")" )
+op		= ( "log" iface | "normalise" "(" norm-opt1 "," norm-opt2 ... ")" )
 norm-opt	= [ "random-id" | "min-ttl" \*[Lt]num\*[Gt] | "max-mss" \*[Lt]num\*[Gt] | "no-df" ]
 
 group		= "group" "(" ( "default" | group-opts ) ")" ruleset
@@ -155,9 +155,9 @@ rule		= ( "block" block-opts | "pass" ) [ "in" | out" ] [ "quick" ]
 		  [ "keep state" ] [ "apply" rproc }
 
 block-opts	= [ "return-rst" | "return-icmp" | "return" ]
-filt-opts	= [ "from" ( iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt] ) port-opts ]
-		  [ "to" ( iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt] ) port-opts ]
-port-opts	= [ "port" ( \*[Lt]port-num\*[Gt] | \*[Lt]port-from\*[Gt] ":" \*[Lt]port-to\*[Gt] | def ) ]
+filt-addr	= iface | def | \*[Lt]addr/mask\*[Gt] | \*[Lt]tid\*[Gt]
+port-opts	= [ "port" ( \*[Lt]port-num\*[Gt] | \*[Lt]port-from\*[Gt] "-" \*[Lt]port-to\*[Gt] | def ) ]
+filt-opts	= [ "from" filt-addr [ port-opts ] ] [ "to" filt-addr [ port-opts ] ]
 proto-opts	= [ "flags" \*[Lt]tcp_flags\*[Gt] | "icmp-type" \*[Lt]type\*[Gt] "code" \*[Lt]code\*[Gt] ]
 .Ed
 .\" -----
@@ -171,23 +171,23 @@ default configuration file
 .\" -----
 .Sh EXAMPLES
 .Bd -literal
-ext_if = "wm0"
-int_if = "wm1"
+$ext_if = "wm0"
+$int_if = "wm1"
 
-services_tcp = "{ http, https, smtp, domain, 6000 }"
-services_udp = "{ domain, ntp, 6000 }"
+$services_tcp = { http, https, smtp, domain, 6000 }
+$services_udp = { domain, ntp, 6000 }
 
-table "1" type hash file "/etc/npf_blacklist"
-table "2" type tree dynamic
+table <1> type hash file "/etc/npf_blacklist"
+table <2> type tree dynamic
 
 nat $ext_if from 192.168.0.0/24 to any -> $ext_if
 
 procedure "log" {
-	log npflog0
+	log: npflog0
 }
 
 procedure "rid" {
-	normalize (random-id)
+	normalise: "random-id"
 }
 
 group (name "external", interface $ext_if) {
@@ -197,8 +197,8 @@ group (name "external", interface $ext_if) {
 	pass in quick inet proto tcp to $ext_if port ssh apply "log"
 	pass in quick proto tcp to $ext_if port $services_tcp
 	pass in quick proto udp to $ext_if port $services_udp
-	pass in quick proto tcp to $ext_if port 49151:65535	# Passive FTP
-	pass in quick proto udp to $ext_if port 33434:33600	# Traceroute
+	pass in quick proto tcp to $ext_if port 49151-65535	# Passive FTP
+	pass in quick proto udp to $ext_if port 33434-33600	# Traceroute
 }
 
 group (name "internal", interface $int_if) {