From 15392934cf81ef85e2a1c21380c61a7a42e260d5 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Thu, 12 May 2011 12:46:40 +0200
Subject: libxt_policy: option table fixes, improved error tracking

Most of the flags are multi-use in this extension. Also transfer
--next => --strict requirement to option table.

Furthermore, augment the error messages emitted from fcheck to contain
the policy element number, and elaborate on what an "empty policy
element" is.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 extensions/libxt_policy.man | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'extensions/libxt_policy.man')

diff --git a/extensions/libxt_policy.man b/extensions/libxt_policy.man
index 3500025c..1b834fa0 100644
--- a/extensions/libxt_policy.man
+++ b/extensions/libxt_policy.man
@@ -13,11 +13,16 @@ is valid in the
 chains.
 .TP
 \fB\-\-pol\fP {\fBnone\fP|\fBipsec\fP}
-Matches if the packet is subject to IPsec processing.
+Matches if the packet is subject to IPsec processing. \fB\-\-pol none\fP
+cannot be combined with \fB\-\-strict\fP.
 .TP
 \fB\-\-strict\fP
 Selects whether to match the exact policy or match if any rule of
 the policy matches the given policy.
+.PP
+For each policy element that is to be described, one can use one or more of
+the following options. When \fB\-\-strict\fP is in effect, at least one must be
+used per element.
 .TP
 [\fB!\fP] \fB\-\-reqid\fP \fIid\fP
 Matches the reqid of the policy rule. The reqid can be specified with
-- 
cgit v1.2.3