From: Klemens Nanni Subject: pfctl.8: fix markup for shorter lists and more automatic tags To: OpenBSD tech Date: Wed, 20 Nov 2024 18:25:52 +0000 SYNOPSIS pfctl [-deghNnPqrvz] [-a anchor] [-D macro=value] [-F modifier] [-f file] [-i interface] [-K key] [-k key] [-L statefile] [-o level] [-p device] [-S statefile] [-s modifier [-R id]] [-t table -T command [address ...]] [-V rdomain] [-x level] Looking for the "R" or "T" tags in the manual pager yields no results as they are part of the preceding flag, e.g. only "s" brings you to the joint definition of [-s modifier [-R id]]. Add manual tags for -T and -R to fix that. Also, "zero" is not defined since the list item is called '-T zero', so you can't jump straight to that definition via tags, either. Seems a bit odd to repeat the flag for each modifier/command, so I like to turn -T test Test if the given addresses match a table. into test Test if the given addresses match a table. for brevity and to get automatic tagging for all such modifiers/commands, e.g. "tag" now jumping to that line. Feedback? OK? Index: pfctl.8 =================================================================== RCS file: /cvs/src/sbin/pfctl/pfctl.8,v diff -u -p -r1.184 pfctl.8 --- pfctl.8 20 Nov 2024 13:57:29 -0000 1.184 +++ pfctl.8 20 Nov 2024 18:10:34 -0000 @@ -191,25 +191,25 @@ Flush the filter parameters specified by .Ar modifier (may be abbreviated): .Pp -.Bl -tag -width xxxxxxxxxxxx -compact -.It Fl F Cm rules +.Bl -tag -width xxxxxxxxx -compact +.It Cm rules Flush the filter rules. -.It Fl F Cm states +.It Cm states Flush the state table (NAT and filter). -.It Fl F Cm Sources +.It Cm Sources Flush the source tracking table. -.It Fl F Cm info +.It Cm info Flush the filter information (statistics that are not bound to rules). -.It Fl F Cm Tables +.It Cm Tables Flush the tables. -.It Fl F Cm osfp +.It Cm osfp Flush the passive operating system fingerprints. -.It Fl F Cm Reset +.It Cm Reset Reset limits, timeouts and other options back to default settings. See the OPTIONS section in .Xr pf.conf 5 for details. -.It Fl F Cm all +.It Cm all Flush all of the above. .El .Pp @@ -316,13 +316,13 @@ Do not actually load rules, just parse t .It Fl o Ar level Control the ruleset optimizer, overriding any rule file settings. .Pp -.Bl -tag -width xxxxxxxxxxxx -compact -.It Fl o Cm none +.Bl -tag -width xxxxxxxxx -compact +.It Cm none Disable the ruleset optimizer. -.It Fl o Cm basic +.It Cm basic Enable basic ruleset optimizations. This is the default behaviour. -.It Fl o Cm profile +.It Cm profile Enable basic ruleset optimizations with profiling. .El .Pp @@ -348,13 +348,14 @@ are mutually exclusive. .It Fl S Ar statefile Store the pf state table in the file specified by .Ar statefile . +.Tg R .It Fl s Ar modifier Op Fl R Ar id Show the filter parameters specified by .Ar modifier (may be abbreviated): .Pp -.Bl -tag -width xxxxxxxxxxxxxx -compact -.It Fl s Cm queue +.Bl -tag -width xxxxxxxxxxx -compact +.It Cm queue Show the currently loaded queue definitions. When used together with .Fl v , @@ -364,7 +365,7 @@ When used together with .Nm will loop and show updated queue statistics every five seconds, including measured bandwidth and packets per second. -.It Fl s Cm rules +.It Cm rules Show the currently loaded filter rules. If .Fl R Ar id @@ -388,7 +389,7 @@ will skip evaluation of rules where poss Packets passed statefully are counted in the rule that created the state (even though the rule isn't evaluated more than once for the entire connection). -.It Fl s Cm Anchors +.It Cm Anchors Show the currently loaded anchors directly attached to the main ruleset. If .Fl a Ar anchor @@ -399,15 +400,15 @@ If .Fl v is specified, all anchors attached under the target anchor will be displayed recursively. -.It Fl s Cm states +.It Cm states Show the contents of the state table. If .Fl R Ar id is specified as well, only states created by the rule with the specified numeric ID are shown. -.It Fl s Cm Sources +.It Cm Sources Show the contents of the source tracking table. -.It Fl s Cm info +.It Cm info Show filter information (statistics and counters). When used together with .Fl v , @@ -415,7 +416,7 @@ source tracking statistics, the firewall main ruleset's MD5 checksum for use with .Xr pfsync 4 are also shown. -.It Fl s Cm labels +.It Cm labels Show per-rule statistics (label, evaluations, packets total, bytes total, packets in, bytes in, packets out, bytes out, state creations) of filter rules with labels, useful for accounting. @@ -423,15 +424,15 @@ If .Fl R Ar id is specified as well, only the statistics for the rule with the specified numeric ID are shown. -.It Fl s Cm timeouts +.It Cm timeouts Show the current global timeouts. -.It Fl s Cm memory +.It Cm memory Show the current pool memory hard limits. -.It Fl s Cm Tables +.It Cm Tables Show the list of tables. -.It Fl s Cm osfp +.It Cm osfp Show the list of operating system fingerprints. -.It Fl s Cm Interfaces +.It Cm Interfaces Show the list of interfaces and interface groups available to PF. When used together with .Fl v , @@ -441,7 +442,7 @@ When used together with interface statistics are also shown. .Fl i can be used to select an interface or a group of interfaces. -.It Fl s Cm all +.It Cm all Show all of the above, except for the lists of interfaces and operating system fingerprints. .El @@ -486,6 +487,7 @@ no free ports in translation port range .It no-route dropped by no-route .El +.Tg T .It Fl t Ar table Fl T Ar command Op Ar address ... Specify the .Ar command @@ -493,31 +495,31 @@ Specify the .Ar table . Commands include: .Pp -.Bl -tag -width "-T expire number" -compact -.It Fl T Cm add +.Bl -tag -width "expire number" -compact +.It Cm add Add one or more addresses to a table. Automatically create a persistent table if it does not exist. -.It Fl T Cm delete +.It Cm delete Delete one or more addresses from a table. -.It Fl T Cm expire Ar number +.It Cm expire Ar number Delete addresses which had their statistics cleared more than .Ar number seconds ago. For entries which have never had their statistics cleared, .Ar number refers to the time they were added to the table. -.It Fl T Cm flush +.It Cm flush Flush all addresses in a table. -.It Fl T Cm kill +.It Cm kill Kill a table. -.It Fl T Cm replace +.It Cm replace Replace the addresses of the table. Automatically create a persistent table if it does not exist. -.It Fl T Cm show +.It Cm show Show the content (addresses) of a table. -.It Fl T Cm test +.It Cm test Test if the given addresses match a table. -.It Fl T Cm zero +.It Cm zero Clear all the statistics of a table, or only for specified addresses. .El .Pp