X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/blobdiff_plain/333c51f409d9d8c3ed7bc8b46c1111c6c39ee743..1486505721855801d1996b609ff03f61a3ac15ca:/fw.1 diff --git a/fw.1 b/fw.1 index 885d5b9..df52079 100644 --- a/fw.1 +++ b/fw.1 @@ -1,6 +1,6 @@ .\" -*-nroff-*- .\" -.\" $Id: fw.1,v 1.6 1999/10/10 16:46:29 mdw Exp $ +.\" $Id: fw.1,v 1.9 2000/03/23 00:37:33 mdw Exp $ .\" .\" Manual page for fw .\" @@ -28,6 +28,16 @@ .\" ---- Revision history --------------------------------------------------- .\" .\" $Log: fw.1,v $ +.\" Revision 1.9 2000/03/23 00:37:33 mdw +.\" Add option to change user and group after initialization. Naughtily +.\" reassign short equivalents of --grammar and --options. +.\" +.\" Revision 1.8 1999/12/22 15:44:43 mdw +.\" Fix some errors, and document new option. +.\" +.\" Revision 1.7 1999/10/22 22:45:15 mdw +.\" Describe new socket connection options. +.\" .\" Revision 1.6 1999/10/10 16:46:29 mdw .\" Include grammar and options references at the end of the manual. .\" @@ -120,9 +130,13 @@ fw \- port forwarder .SH SYNOPSIS . .B fw -.RB [ \-dq ] +.RB [ \-dlq ] .RB [ \-f .IR file ] +.RB [ \-s +.IR user ] +.RB [ \-g +.IR group ] .IR config-stmt ... . .\"-------------------------------------------------------------------------- @@ -169,6 +183,14 @@ Writes the version number to standard output and exits successfully. .B "\-u, \-\-usage" Writes a terse usage summary to standard output and exits successfully. .TP +.B "\-G, \-\-grammar" +Writes a summary of the configuration file grammar to standard output +and exits successfully. +.TP +.B "\-O, \-\-options" +Writes a summary of the source and target options to standard output and +exits successfully. +.TP .BI "\-f, \-\-file=" file Read configuration information from .IR file . @@ -181,10 +203,27 @@ configuration file statement. Forks into the background after reading the configuration and initializing properly. .TP -.B "-q, \-\-quiet" +.B "\-l, \-\-syslog, \-\-log" +Emit logging information to the system log, rather than standard error. +.TP +.B "\-q, \-\-quiet" Don't output any logging information. This option is not recommended for normal use, although it can make system call traces clearer so I use it when debugging. +.TP +.BI "\-s, \-\-setuid=" user +Change uid to that of +.IR user , +which may be either a user name or uid number, after initializing all +the sources. This will usually require elevated privileges. +.TP +.BI "\-g, \-\-setgid=" group +Change gid to that of +.IR group , +which may be either a group name or gid number, after initializing all +the sources. If the operating system understands supplementary groups +then the supplementary groups list is altered to include only +.IR group . .PP Any further command line arguments are interpreted as configuration lines to be read. Configuration supplied in command line arguments has @@ -927,11 +966,23 @@ options provided are: .OS "Socket options" .B socket.conn .RB [ = ] -.I number +.IR number | \c +.BR unlimited | one-shot .OD -Limits the number of simultaneous connections to this socket to the +Controls the behaviour of the source when it receives connections. A .I number -given. The default is 256. +limits the number of simultaneous connections. The value +.B unlimited +(or +.BR infinite ) +removes any limit on the number of connections possible. The value +.B one-shot +will remove the socket source after a single successful connection. +(Connections refused by access control systems don't count here.) +The default is to apply a limit of 256 concurrent connections. Use of +the +.B unlimited +option is not recommended. .OE .OS "Socket options" .B socket.logging @@ -1361,7 +1412,8 @@ exec .SS "Socket options" .B socket.conn .RB [ = ] -.I number +.IR number | \c +.BR unlimited | one-shot .br .B socket.logging .RB [ = ] @@ -1380,7 +1432,9 @@ exec . The syntax for IP addresses and filenames is nasty. .PP -IPv6 is not supported yet. It's probably not a major piece of work to +IPv6 is not supported yet. Because of +.BR fw 's +socket address architecture, it's probably not a major piece of work to add. .PP Please inform me of any security problems you think you've identified in