Update docco for new options.

[fwd] / fw.1

diff --git a/fw.1 b/fw.1
index 4419f14..251aa5a 100644 (file)
--- a/fw.1
+++ b/fw.1
@@ -1,6 +1,6 @@
 .\" -*-nroff-*-
 .\"
-.\" $Id: fw.1,v 1.15 2003/01/24 20:13:04 mdw Exp $
+.\" $Id: fw.1,v 1.16 2003/11/25 14:46:50 mdw Exp $
 .\"
 .\" Manual page for fw
 .\"
@@ -28,6 +28,9 @@
 .\" ---- Revision history ---------------------------------------------------
 .\" 
 .\" $Log: fw.1,v $
+.\" Revision 1.16  2003/11/25 14:46:50  mdw
+.\" Update docco for new options.
+.\"
 .\" Revision 1.15  2003/01/24 20:13:04  mdw
 .\" Fix bogus examples.  Explain quoting rules for `exec' endpoints.
 .\"
@@ -1077,11 +1080,23 @@ The
 .B inet
 source address accepts the following options:
 .OS "Socket options"
-.BR socket.inet. [ allow | deny ]
-.RB [ from ]
-.I address
+.B socket.inet.source.addr
+.RB [ = ]
+.RR any | \c
+.I addr
+.OD
+Specify the IP address on which to listen for incoming connections.  The
+default is
+.BR any ,
+which means to listen on all addresses, though it may be useful to
+specify this explicitly, if the global setting is different.
+.OE
+.OS "Socket options"
+.BR socket.inet.source. [ allow | deny ]
+.RB [ host ]
+.I addr
 .RB [ /
-.IR address ]
+.IR addr ]
 .OD
 Adds an entry to the source's access control list.  If only one
 .I address
@@ -1094,6 +1109,26 @@ and
 mean the same), and the entry applies to any address which, when masked
 by the netmask, is equal to the masked network address.
 .OE
+.OS "Socket options"
+.BR socket.inet.source. [ allow | deny ]
+.B priv-port
+.OD
+Accept or reject connections from low-numbered `privileged' ports, in
+the range 0--1023.
+.OE
+.OS "Socket options"
+.B socket.inet.dest.addr
+.RB [ = ]
+.RR any | \c
+.I addr
+.OD
+Specify the IP address to bind the local socket to when making an
+outbound connection.  The default is
+.BR any ,
+which means to use whichever address the kernel thinks is most
+convenient.  This option is useful if the destination is doing
+host-based access control and your server is multi-homed.
+.OE
 .PP
 The access control rules are examined in the order: local entries first,
 then global ones, each in the order given in the configuration file.
@@ -1502,11 +1537,24 @@ exec
 .RB [ = ]
 .BR yes | no
 .PP
-.BR socket.inet. [ allow | deny ]
-.RB [ from ]
-.I address
+.BR socket.inet.source. [ allow | deny ]
+.RB [ host ]
+.I addr
 .RB [ /
-.IR address ]
+.IR addr ]
+.br
+.BR socket.inet.source. [ allow | deny ]
+.B priv-port
+.br
+.B socket.inet.source.addr
+.RB [ = ]
+.BR any | \c
+.I addr
+.br
+.B socket.inet.dest.addr
+.RB [ = ]
+.BR any | \c
+.I addr
 .PP
 .BR socket.unix.fattr. *
 .