.\" -*-nroff-*-
.\"
-.\" $Id: fw.1,v 1.3 1999/07/30 06:49:00 mdw Exp $
+.\" $Id$
.\"
.\" Manual page for fw
.\"
.\" along with `fw'; if not, write to the Free Software Foundation,
.\" Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
.
-.\" ---- Revision history ---------------------------------------------------
-.\"
-.\" $Log: fw.1,v $
-.\" Revision 1.3 1999/07/30 06:49:00 mdw
-.\" Minor tidying and typo correction.
-.\"
-.\" Revision 1.2 1999/07/26 23:31:04 mdw
-.\" Document lots of new features and syntax.
-.\"
-.
.\"----- Various bits of fancy styling --------------------------------------
.
.\" --- Indented paragraphs with right-aligned tags ---
.sp 1
..
.
+.\" --- Grammar markup ---
+.\"
+.\" This is mainly for the benefit of the automatic scripts which
+.\" generate the grammar summary.
+.
+.de GS
+.PP
+..
+.de GE
+.PP
+..
+.
+.de OS
+.PP
+..
+.de OD
+.RS
+..
+.de OE
+.RE
+..
+.
.\" --- Other bits of styling ---
.
.ie t \{\
.
.\"--------------------------------------------------------------------------
.
-.TH fw 1 "1 July 1999" fw
+.TH fw 1 "1 July 1999" "Straylight/Edgeware" "fw port forwarder"
.
.\"--------------------------------------------------------------------------
.SH NAME
.SH SYNOPSIS
.
.B fw
-.RB [ \-dq ]
+.RB [ \-dlq ]
.RB [ \-f
.IR file ]
+.RB [ \-s
+.IR user ]
+.RB [ \-g
+.IR group ]
.IR config-stmt ...
.
.\"--------------------------------------------------------------------------
.B "\-u, \-\-usage"
Writes a terse usage summary to standard output and exits successfully.
.TP
+.B "\-G, \-\-grammar"
+Writes a summary of the configuration file grammar to standard output
+and exits successfully.
+.TP
+.B "\-O, \-\-options"
+Writes a summary of the source and target options to standard output and
+exits successfully.
+.TP
.BI "\-f, \-\-file=" file
Read configuration information from
.IR file .
Forks into the background after reading the configuration and
initializing properly.
.TP
-.B "-q, \-\-quiet"
+.B "\-l, \-\-syslog, \-\-log"
+Emit logging information to the system log, rather than standard error.
+.TP
+.B "\-q, \-\-quiet"
Don't output any logging information. This option is not recommended
for normal use, although it can make system call traces clearer so I use
it when debugging.
+.TP
+.BI "\-s, \-\-setuid=" user
+Change uid to that of
+.IR user ,
+which may be either a user name or uid number, after initializing all
+the sources. This will usually require elevated privileges.
+.TP
+.BI "\-g, \-\-setgid=" group
+Change gid to that of
+.IR group ,
+which may be either a group name or gid number, after initializing all
+the sources. If the operating system understands supplementary groups
+then the supplementary groups list is altered to include only
+.IR group .
.PP
Any further command line arguments are interpreted as configuration
lines to be read. Configuration supplied in command line arguments has
.RB ` [ '
and
.RB ` ; ',
-require escaping by the shell, they are strictly optional in the grammar
-and can be omitted in quick hacks at the shell prompt.
+require escaping by the shell, they are mostly optional in the grammar
+and can tend to be omitted in quick hacks at the shell prompt.
.TP
.I "whitespace characters"
Whitespace characters separate words but are otherwise ignored. All
.
.SS "Basic syntax"
The overall syntax looks a bit like this:
-.PP
+.GS "Basic syntax"
.I file
::=
.I empty
.I option-stmt
.RB [ ; ]
.I option-seq
-.PP
+.GE
If you prefer, the keyword
.RB ` fw '
may be spelt
A global option, outside of a
.I fw-stmt
has no context unless it is explicitly qualified, and affects global
-behaviour. Local options, applied to a source or target in a
-.I fw-stmt
+behaviour. A local option, applied to a source or target in a
+.IR fw-stmt ,
has the context of the type of source or target to which it is applied,
and affects only that source or target.
.PP
specific source or target.
.PP
The syntax for qualifying options is like this:
-.PP
+.GS "Option syntax"
.I option-stmt
::=
.I q-option
.br
|
.I prefix
-.B .
+.B .\&
.I q-option
.br
|
.I prefix
::=
.I word
-.PP
+.GE
Thus, you may qualify either an individual option or a sequence of
options. The two are equivalent; for example,
.VS
cpu = 60;
}
.VE
-is equivalent to
+means the same as
.VS
exec.rlimit.core = 0;
exec.rlimit.cpu = 0;
.PP
In this manual, options are usually shown in their fully-qualified form.
.
+.SS "File attributes for created files: `fattr'"
+Both the
+.B file
+and
+.B socket
+sources and targets can create new filesystem objects. The
+.B fattr
+options allow control over the attributes of the newly-created objects.
+Both
+.B file
+and
+.B socket
+use the same set of defaults, so a prefix of
+.B fattr
+is good enough for setting global options, and the implicit context
+disambiguates local options.
+.PP
+The following file attribute options are supported:
+.OS "File attribute options (`fattr')"
+.IB prefix .fattr.mode
+.RB [ = ]
+.I mode
+.OD
+Sets the permissions mode for a new file. The
+.I mode
+argument may be either an octal number or a
+.BR chmod (1)-style
+string which acts on the default permissions established by the
+prevailing
+.BR umask (2)
+setting. The characters
+.RB ` = '
+and
+.RB ` , '
+do not have to be quoted within the mode string.
+.OE
+.OS "File attribute options (`fattr')"
+.IB prefix .fattr.owner
+.RB [ = ]
+.I user
+.OD
+Sets the owner for newly created files. On non-broken systems you will
+need to be the superuser to set the owner on a file. The
+.I user
+may either be a numeric uid or a username. The default is not to change
+the owner of the file once it's created. The synonyms
+.B uid
+and
+.B user
+are accepted in place of
+.BR owner .
+.OE
+.OS "File attribute options (`fattr')"
+.IB prefix .fattr.group
+.RB [ = ]
+.I group
+.OD
+Sets the group for newly created files. You will usually need to be a
+member of the group in question order to set the group of a file. The
+.I group
+may either be a numeric gid or a group name. The default is not to
+change the group of the file once it's created. The synonym
+.B gid
+is accepted in place of
+.BR group .
+.OE
+.
.SS "The `file' source and target types"
The
.B file
The syntax of
.B file
sources and targets is like this:
-.PP
+.GS "File sources and targets"
.I source
::=
.I file
.I file
::=
.B file
-.RB [ . ]
+.RB [ .\& ]
.I fspec
.RB [ ,
.IR fspec ]
.br
.I name-spec
::=
-.RB [[ : ] file [ : ]]
+.RB [[ : ] name [ : ]]
.I file-name
.br
.I file-name
.br
.I null-spec
::=
-.RB [[ : ] null [ : ]]
-.PP
+.RB [ : ] null [ : ]
+.GE
The
.I file
specification describes two files, the first to be used as input, the
.B file
options apply equally to sources and targets. The options are as
follows:
-.PP
+.OS "File options"
.B file.create
.RB [ = ]
.BR yes | no
-.RS
+.OD
Whether to create the output file if it doesn't exist. If
.B no
(the default), an error is reported if the file doesn't exist. If
.BR yes ,
the file is created if it doesn't exist.
-.RE
-.PP
+.OE
+.OS "File options"
.B file.open
.RB [ = ]
.BR no | truncate | append
-.RS
+.OD
Controls the behaviour if the output file already exists. If
.BR no ,
an error is reported. If
(the default), the existing file is replaced by the new data. If
.BR append ,
the new data is appended to the file.
-.RE
-.PP
-Under no circumstances will
-.B fw
-create a file through a `dangling' symbolic link.
-.PP
+.OE
+.OS "File options"
+.BR file.fattr.*
+.OD
The
.B file
source and target also accept
.B fattr
-options for controlling the attributes of the created file. The prefix
-for setting file attributes is
-.BR file.fattr .
-.
-.SS "File attributes for created files `fattr'"
-Both the
-.B file
-and
-.B socket
-sources and targets can create new filesystem objects. The
-.B fattr
-options allow control over the attributes of the newly-created objects.
-Both
-.B file
-and
-.B socket
-use the same set of defaults, so a prefix of
-.B fattr
-is good enough for setting global options, and the implicit context
-disambiguates local options.
-.PP
-The following file attribute options are supported:
-.PP
-.IB prefix .fattr.mode
-.RB [ = ]
-.I mode
-.RS
-Sets the permissions mode for a new file. The
-.I mode
-argument may be either an octal number or a
-.BR chmod (1)-style
-string which acts on the default permissions established by the
-prevailing
-.BR umask (2)
-setting. Note that
-.BR chmod -style
-strings may contain
-.RB ` = '
-and
-.RB ` , '
-characters that will need to be escaped or quoted.
-.RE
-.PP
-.IB prefix .fattr.owner
-.RB [ = ]
-.I user
-.RS
-Sets the owner for newly created files. On non-broken systems you will
-need to be the superuser to set the owner on a file. The
-.I user
-may either be a numeric uid or a username. The default is not to change
-the owner of the file once it's created. The synonyms
-.B uid
-and
-.B user
-are accepted in place of
-.BR owner .
-.RE
+options for controlling the attributes of the created file.
+.OE
.PP
-.IB prefix .fattr.group
-.RB [ = ]
-.I group
-.RS
-Sets the group for newly created files. You will usually need to be a
-member of the group in question order to set the group of a file. The
-.I group
-may either be a numeric gid or a group name. The default is not to
-change the group of the file once it's created. The synonym
-.B gid
-is accepted in place of
-.BR group .
-.RE
+Under no circumstances will
+.B fw
+create a file through a `dangling' symbolic link.
.
.SS "The `exec' source and target types"
The
source and target execute programs and allow access to their standard
input and output streams. Both source and target have the same syntax,
which is as follows:
-.PP
+.GS "Exec source and target"
.I source
::=
.I exec
.I exec
::=
.BR exec
-.RB [ . ]
+.RB [ .\& ]
.I cmd-spec
.br
.I cmd-spec
.I argv0
::=
.I word
-.PP
+.GE
If a single word is given, it is a
.I shell-cmd
and will be passed to the Bourne shell for execution. If a
.RI ( argv0 )
is used.
.PP
+Note that the shell command or program name string must, if present,
+have any delimiter characters (including
+.RB ` / '
+and
+.RB ` . ')
+quoted; this is not required in the
+.RB ` [ '-enclosed
+argument list.
+.PP
The standard input and output of the program are forwarded to the other
end of the connection. The standard error stream is caught by
.B fw
.B exec
source and target both understand the same set of options. The list of
options supported is as follows:
-.PP
+.OS "Exec options"
.B exec.logging
.RB [ = ]
.BR yes | no
-.RS
+.OD
Whether to log the start and end of executed programs. If
.B yes
(the default), a log message is emitted when the program is started
.B log
abbreviation is accepted as a synonym for
.BR logging .
-.RE
-.PP
+.OE
+.OS "Exec options"
.B exec.dir
.RB [ = ]
.I file-name
-.RS
+.OD
Sets the current directory from which the the program should be run.
The default is not to change directory. The synonyms
.BR cd ,
.B cwd
are accepted in place of
.BR dir .
-.RE
-.PP
+.OE
+.OS "Exec options"
.B exec.root
.RB [ = ]
.I file-name
-.RS
+.OD
Sets the root directory for the program, using the
.BR chroot (2)
system call. You must be the superuser for this option to work. The
-default is not to set a root directory. The synonyms
-.BR cd ,
-.B chdir
-and
-.B cwd
-are accepted in place of
-.B dir .
-.RE
-.PP
+default is not to set a root directory. The synonym
+.B chroot
+is accepted in place of
+.BR root .
+.OE
+.OS "Exec options"
.B exec.user
.RB [ = ]
.I user
-.RS
+.OD
Sets the user (real and effective uid) to run the program as. This will
usually require superuser privileges to work. The default is not to
change uid. The synonym
.B uid
is accepted in place of
.BR user .
-.RE
-.PP
+.OE
+.OS "Exec options"
.B exec.group
.RB [ = ]
.I group
-.RS
+.OD
Sets the group (real and effective gid) to run the program as. If
running with superuser privileges, the supplementary groups list is
cleared at the same time. The default is not to change gid (or clear
.B gid
is accepted in place of
.BR group .
-.RE
-.PP
+.OE
+.OS "Exec options"
.BI exec.rlimit. limit \c
.RB [ .hard | .soft ]
.RB [ = ]
.I value
-.RS
+.OD
Set resource limits for the program. The
.I limit
may be one of the resource limit names described in
was specified, only the hard or soft limit is set; otherwise both are
set to the same value. Only the superuser can raise the hard limit.
The soft limit cannot be set above the hard limit.
-.RE
-.PP
+.OE
+.OS "Exec options"
.B exec.env.clear
-.RS
+.OD
Clears the program's environment.
-.RE
+.OE
.PP
.B exec.env.unset
.I var
-.RS
+.OD
Removes
.I var
from the program's environment. It is not an error if no variable named
.I var
exists.
-.RE
-.PP
+.OE
+.OS "Exec options"
.BR exec.env. [ set ]
.I var
.RB [ = ]
.I value
-.RS
+.OD
Assigns the variable
.I var
the value
may be omitted if the
.B env
qualifier is present.
-.RE
+.OE
.PP
Note that environment variable modifications are performed in order,
global modifications before local ones.
address types can be added with reasonable ease.
.PP
The syntax for socket sources and targets is:
-.PP
+.GS "Socket source and target"
.ll +8i
.I source
::=
.br
.I socket-source
::=
-.RB [ socket [ . ]]
+.RB [ socket [ .\& ]]
.RB [[ : ] \c
.IR addr-type \c
.RB [ : ]]
.br
.I socket-target
::=
-.RB [ socket [ . ]]
+.RB [ socket [ .\& ]]
.RB [[ : ] \c
.IR addr-type \c
.RB [ : ]]
.I target-addr
.ll -8i
-.PP
+.GE
The syntax of the source and target addresses depend on the address
types, which are described below. The default address type, if no
.I addr-type
.PP
Socket sources support options; socket targets do not. The source
options provided are:
-.PP
+.OS "Socket options"
.B socket.conn
.RB [ = ]
+.IR number | \c
+.BR unlimited | one-shot
+.OD
+Controls the behaviour of the source when it receives connections. A
.I number
-.RS
-Limits the number of simultaneous connections to this socket to the
+limits the number of simultaneous connections. The value
+.B unlimited
+(or
+.BR infinite )
+removes any limit on the number of connections possible. The value
+.B one-shot
+will remove the socket source after a single successful connection.
+(Connections refused by access control systems don't count here.)
+The default is to apply a limit of 256 concurrent connections. Use of
+the
+.B unlimited
+option is not recommended.
+.OE
+.OS "Socket options"
+.B socket.listen
+.RB [ = ]
.I number
-given. The default is 256.
-.RE
-.PP
+.OD
+Sets the maximum of the kernel incoming connection queue for this socket
+source. This is the number given to the
+.BR listen (2)
+system call. The default is 5.
+.OE
+.OS "Socket options"
.B socket.logging
.RB [ = ]
.BR yes | no
-.RS
+.OD
Whether to log incoming connections. If
.B yes
(the default) incoming connections are logged, together with information
accepted or refused. If
.BR no ,
log messages are not generated.
-.RE
+.OE
.PP
Address types also provide their own options.
.
address type provides access to TCP ports. The
.B inet
source and target addresses have the following syntax:
-.PP
+.GS "Socket source and target"
.I inet-source-addr
::=
.RB [ port ]
.br
.I addr-elt
::=
-.B .
+.B .\&
|
.I word
-.PP
+.GE
A
.I port
may be given as a port number or a service name from the
The
.B inet
source address accepts the following options:
-.PP
-.BR socket.inet. [ allow | deny ]
-.RB [ from ]
-.I address
+.OS "Socket options"
+.B socket.inet.source.addr
+.RB [ = ]
+.RR any | \c
+.I addr
+.OD
+Specify the IP address on which to listen for incoming connections. The
+default is
+.BR any ,
+which means to listen on all addresses, though it may be useful to
+specify this explicitly, if the global setting is different.
+.OE
+.OS "Socket options"
+.BR socket.inet.source. [ allow | deny ]
+.RB [ host ]
+.I addr
.RB [ /
-.IR address ]
-.RS
+.IR addr ]
+.OD
Adds an entry to the source's access control list. If only one
.I address
is given, the entry applies only to that address; if two are given, the
.B /26
mean the same), and the entry applies to any address which, when masked
by the netmask, is equal to the masked network address.
+.OE
+.OS "Socket options"
+.BR socket.inet.source. [ allow | deny ]
+.B priv-port
+.OD
+Accept or reject connections from low-numbered `privileged' ports, in
+the range 0--1023.
+.OE
+.OS "Socket options"
+.B socket.inet.dest.addr
+.RB [ = ]
+.RR any | \c
+.I addr
+.OD
+Specify the IP address to bind the local socket to when making an
+outbound connection. The default is
+.BR any ,
+which means to use whichever address the kernel thinks is most
+convenient. This option is useful if the destination is doing
+host-based access control and your server is multi-homed.
+.OE
+.OS "Socket options"
+.B socket.inet.dest.priv-port
+.RB [=]
+.BR yes | no
+.OD
+Make a privileged connection (i.e., from a low-numbered port) to the
+target. This only works if
+.B fw
+was started with root privileges. However, it still works if
+.B fw
+has
+.I dropped
+privileges after initialization (the
+.B \-s
+option). Before dropping privileges,
+.B fw
+forks off a separate process which continues to run with root
+privileges, and on demand passes sockets bound to privileged ports and
+connected to the appropriate peer back to the main program. The
+privileged child only passes back sockets connected to peer addresses
+named in the configuration; even if the
+.B fw
+process is compromised, it can't make privileged connections to other
+addresses. Note that because of this privilege separation, it's also
+not possible to reconfigure
+.B fw
+to make privileged connections to different peer addresses later by
+changing configuration files and sending the daemon a
+.BR SIGHUP .
+.OE
.PP
-The access
-control rules are examined in the order: local entries first, then
-global ones, each in the order given in the configuration file. The
-first matching entry is used. If no entries match, the behaviour is the
+The access control rules are examined in the order: local entries first,
+then global ones, each in the order given in the configuration file.
+The first matching entry is used. If no entries match, the behaviour is
+the
.I opposite
of the last entry tried. If there are no entries defined, the default
is to allow all clients.
-.RE
.
.SS "The `unix' socket address type"
The
address type allows access to Unix-domain sockets. The syntax for
.B unix
source and target addresses is like this:
-.PP
-.I source-addr
-::=
-.I unix-addr
-.br
-.I target-addr
+.GS "Socket source and target"
+.I unix-source-addr
::=
-.I unix-addr
+.I file-name
.br
-.I unix-addr
+.I unix-target-addr
::=
.I file-name
-.PP
+.GE
+The following options are supported by the
+.B unix
+source address type:
+.OS "Socket options"
+.BR socket.unix.fattr. *
+.OD
The
.B unix
source address accepts
.B fattr
-options to control the attributes of the socket file created. Sockets
-are removed if
+options to control the attributes of the socket file created.
+.OE
+.PP
+Sockets are removed if
.B fw
exits normally (which it will do if it runs out of sources or
-connections, or if killed by SIGINT or SIGTERM).
+connections, or if
+.B fw
+shuts down in a clean way).
.SH "EXAMPLES"
To forward the local port 25 to a main mail server:
.VS
To emulate
.BR cat (1):
.VS
-from stdin, null to null, stdout
+from file stdin, null to file null, stdout
.VE
+.sp -1 \" undo final space
.
.\"--------------------------------------------------------------------------
-.SH "BUGS"
+.SH "SIGNAL HANDLING"
.
-The syntax for IP addresses and filenames is nasty. The requirement
-that textual permissions strings be quoted is probably nastier.
-.PP
-IPv6 is not supported yet. It's probably not a major piece of work to
-add.
+The
+.B fw
+program responds to various signals when it's running. If it receives
+.B SIGTERM
+or
+.BR SIGINT ,
+.B fw
+performs a
+.I graceful
+shutdown: it removes all of its sources, and will exit when no more
+connections are running. (Note that if the disposition
+.B SIGINT
+was to ignore it,
+.B fw
+does not re-enable the signal. You'll have to send
+.B SIGTERM
+in that case.) If
+.B fw
+receives
+.BR SIGQUIT ,
+it performs an
+.I abrupt
+shutdown: it removes all sources and extant connections and closes down
+more-or-less immediately.
.PP
-Please inform me of any security problems you think you've identified in
-this program. I take security very seriously, and I will fix security
-holes as a matter of priority when I find out about them. I will be
-annoyed if I have to read about problems on Bugtraq because they weren't
-mailed to me first.
+Finally, if any configuration files (other than standard input) were
+provided to
+.B fw
+on its command line using the
+.B \-f
+option, a
+.B SIGHUP
+signal may be sent to instruct
+.B fw
+to reload its configuration. Any existing connections are allowed to
+run their course. If no such configuration files are available,
+.B fw
+just logs a message about the signal and continues.
+.
+.\"--------------------------------------------------------------------------
+.SH "GRAMMAR SUMMARY"
+.
+.SS "Basic syntax"
+.I file
+::=
+.I empty
+|
+.I file
+.I stmt
+.RB [ ; ]
+.br
+.I stmt
+::=
+.I option-stmt
+|
+.I fw-stmt
+.br
+.I fw-stmt
+::=
+.B fw
+.I source
+.I options
+.RB [ to | \-> ]
+.I target
+.I options
+.br
+.I options
+::=
+.B {
+.I option-seq
+.B }
+.br
+.I option-seq
+::=
+.I empty
+|
+.I option-stmt
+.RB [ ; ]
+.I option-seq
+.
+.SS "Option syntax"
+.I option-stmt
+::=
+.I q-option
+.br
+.I q-option
+::=
+.I option
+.br
+ |
+.I prefix
+.B .\&
+.I q-option
+.br
+ |
+.I prefix
+.B {
+.I option-seq
+.B }
+.br
+.I prefix
+::=
+.I word
+.
+.SS "File source and target"
+.I source
+::=
+.I file
+.br
+.I target
+::=
+.I file
+.br
+.I file
+::=
+.B file
+.RB [ .\& ]
+.I fspec
+.RB [ ,
+.IR fspec ]
+.br
+.I fspec
+::=
+.I fd-spec
+|
+.I name-spec
+|
+.I null-spec
+.br
+.I fd-spec
+::=
+.RB [[ : ] fd [ : ]]
+.IR number \c
+.RB | stdin | stdout
+.br
+.I name-spec
+::=
+.RB [[ : ] name [ : ]]
+.I file-name
+.br
+.I file-name
+::=
+.I path-seq
+|
+.B [
+.I path-seq
+.B ]
+.br
+.I path-seq
+::=
+.I path-elt
+|
+.I path-seq
+.I path-elt
+.br
+.I path-elt
+::=
+.B /
+|
+.I word
+.br
+.I null-spec
+::=
+.RB [ : ] null [ : ]
+.
+.SS "Exec source and target"
+.I source
+::=
+.I exec
+.br
+.I target
+::=
+exec
+.br
+.I exec
+::=
+.BR exec
+.RB [ .\& ]
+.I cmd-spec
+.br
+.I cmd-spec
+::=
+.I shell-cmd
+|
+.RI [ prog-name ]
+.B [
+.I argv0
+.I arg-seq
+.B ]
+.br
+.I arg-seq
+::=
+.I word
+|
+.I arg-seq
+.I word
+.br
+.I shell-cmd
+::=
+.I word
+.br
+.I argv0
+::=
+.I word
+.
+.SS "Socket source and target"
+.ll +8i
+.I source
+::=
+.I socket-source
+.br
+.I target
+::=
+.I socket-target
+.br
+.I socket-source
+::=
+.RB [ socket [ .\& ]]
+.RB [[ : ] \c
+.IR addr-type \c
+.RB [ : ]]
+.I source-addr
+.br
+.I socket-target
+::=
+.RB [ socket [ .\& ]]
+.RB [[ : ] \c
+.IR addr-type \c
+.RB [ : ]]
+.I target-addr
+.ll -8i
+.PP
+.I inet-source-addr
+::=
+.RB [ port ]
+.I port
+.br
+.I inet-target-addr
+::=
+.I address
+.RB [ : ]
+.I port
+.br
+.I address
+::=
+.I addr-elt
+|
+.I address
+.I addr-elt
+.br
+.I addr-elt
+::=
+.B .\&
+|
+.I word
+.PP
+.I unix-source-addr
+::=
+.I file-name
+.br
+.I unix-target-addr
+::=
+.I file-name
+.
+.\"--------------------------------------------------------------------------
+.SH "OPTION SUMMARY"
+.
+.SS "File attributes (`fattr')"
+.IB prefix .fattr.mode
+.RB [ = ]
+.I mode
+.br
+.IB prefix .fattr.owner
+.RB [ = ]
+.I user
+.br
+.IB prefix .fattr.group
+.RB [ = ]
+.I group
+.
+.SS "File options"
+.B file.create
+.RB [ = ]
+.BR yes | no
+.br
+.B file.open
+.RB [ = ]
+.BR no | truncate | append
+.br
+.BR file.fattr. *
+.
+.SS "Exec options"
+.B exec.logging
+.RB [ = ]
+.BR yes | no
+.br
+.B exec.dir
+.RB [ = ]
+.I file-name
+.br
+.B exec.root
+.RB [ = ]
+.I file-name
+.br
+.B exec.user
+.RB [ = ]
+.I user
+.br
+.B exec.group
+.RB [ = ]
+.I group
+.br
+.BI exec.rlimit. limit \c
+.RB [ .hard | .soft ]
+.RB [ = ]
+.I value
+.br
+.B exec.env.clear
+.br
+.B exec.env.unset
+.I var
+.br
+.BR exec.env. [ set ]
+.I var
+.RB [ = ]
+.I value
+.
+.SS "Socket options"
+.B socket.conn
+.RB [ = ]
+.IR number | \c
+.BR unlimited | one-shot
+.br
+.B socket.listen
+.RB [ = ]
+.I number
+.br
+.B socket.logging
+.RB [ = ]
+.BR yes | no
+.PP
+.BR socket.inet.source. [ allow | deny ]
+.RB [ host ]
+.I addr
+.RB [ /
+.IR addr ]
+.br
+.BR socket.inet.source. [ allow | deny ]
+.B priv-port
+.br
+.B socket.inet.source.addr
+.RB [ = ]
+.BR any | \c
+.I addr
+.br
+.B socket.inet.dest.addr
+.RB [ = ]
+.BR any | \c
+.I addr
+.br
+.B socket.inet.dest.priv-port
+.RB [=]
+.BR yes | no
+.PP
+.BR socket.unix.fattr. *
+.
+.\"--------------------------------------------------------------------------
+.SH "BUGS"
+.
+The syntax for IP addresses and filenames is nasty.
+.PP
+IPv6 is not supported yet. Because of
+.BR fw 's
+socket address architecture, it's probably not a major piece of work to
+add.
+.PP
+Please inform me of any security problems you think you've identified in
+this program. I take security very seriously, and I will fix security
+holes as a matter of priority when I find out about them. I will be
+annoyed if I have to read about problems on Bugtraq because they weren't
+mailed to me first.
+.PP
+The program is too complicated, and this manual page is too long.
.
.\"--------------------------------------------------------------------------
.SH "AUTHOR"
~mdw / fwd / blobdiff