X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/blobdiff_plain/23be5eb020ce25ee3890daf09c6dc637e0738cdb..1c2054c7558f523dec9d7c1f243a2ceddd81c781:/fw.1 diff --git a/fw.1 b/fw.1 index 140f0f5..251aa5a 100644 --- a/fw.1 +++ b/fw.1 @@ -1,6 +1,6 @@ .\" -*-nroff-*- .\" -.\" $Id: fw.1,v 1.14 2002/02/23 00:05:12 mdw Exp $ +.\" $Id: fw.1,v 1.16 2003/11/25 14:46:50 mdw Exp $ .\" .\" Manual page for fw .\" @@ -28,6 +28,12 @@ .\" ---- Revision history --------------------------------------------------- .\" .\" $Log: fw.1,v $ +.\" Revision 1.16 2003/11/25 14:46:50 mdw +.\" Update docco for new options. +.\" +.\" Revision 1.15 2003/01/24 20:13:04 mdw +.\" Fix bogus examples. Explain quoting rules for `exec' endpoints. +.\" .\" Revision 1.14 2002/02/23 00:05:12 mdw .\" Fix spacing around full stops (at last!). .\" @@ -785,6 +791,15 @@ otherwise the file named by the first argument .RI ( argv0 ) is used. .PP +Note that the shell command or program name string must, if present, +have any delimiter characters (including +.RB ` / ' +and +.RB ` . ') +quoted; this is not required in the +.RB ` [ '-enclosed +argument list. +.PP The standard input and output of the program are forwarded to the other end of the connection. The standard error stream is caught by .B fw @@ -1065,11 +1080,23 @@ The .B inet source address accepts the following options: .OS "Socket options" -.BR socket.inet. [ allow | deny ] -.RB [ from ] -.I address +.B socket.inet.source.addr +.RB [ = ] +.RR any | \c +.I addr +.OD +Specify the IP address on which to listen for incoming connections. The +default is +.BR any , +which means to listen on all addresses, though it may be useful to +specify this explicitly, if the global setting is different. +.OE +.OS "Socket options" +.BR socket.inet.source. [ allow | deny ] +.RB [ host ] +.I addr .RB [ / -.IR address ] +.IR addr ] .OD Adds an entry to the source's access control list. If only one .I address @@ -1082,6 +1109,26 @@ and mean the same), and the entry applies to any address which, when masked by the netmask, is equal to the masked network address. .OE +.OS "Socket options" +.BR socket.inet.source. [ allow | deny ] +.B priv-port +.OD +Accept or reject connections from low-numbered `privileged' ports, in +the range 0--1023. +.OE +.OS "Socket options" +.B socket.inet.dest.addr +.RB [ = ] +.RR any | \c +.I addr +.OD +Specify the IP address to bind the local socket to when making an +outbound connection. The default is +.BR any , +which means to use whichever address the kernel thinks is most +convenient. This option is useful if the destination is doing +host-based access control and your server is multi-homed. +.OE .PP The access control rules are examined in the order: local entries first, then global ones, each in the order given in the configuration file. @@ -1142,7 +1189,7 @@ from file stdin, stdout to unix:/tmp/fortunes To emulate .BR cat (1): .VS -from stdin, null to null, stdout +from file stdin, null to file null, stdout .VE . .\"-------------------------------------------------------------------------- @@ -1490,11 +1537,24 @@ exec .RB [ = ] .BR yes | no .PP -.BR socket.inet. [ allow | deny ] -.RB [ from ] -.I address +.BR socket.inet.source. [ allow | deny ] +.RB [ host ] +.I addr .RB [ / -.IR address ] +.IR addr ] +.br +.BR socket.inet.source. [ allow | deny ] +.B priv-port +.br +.B socket.inet.source.addr +.RB [ = ] +.BR any | \c +.I addr +.br +.B socket.inet.dest.addr +.RB [ = ] +.BR any | \c +.I addr .PP .BR socket.unix.fattr. * .