From b8fc1f0e39d2ffc18c5db1b129b10f2bfe77e708 Mon Sep 17 00:00:00 2001 From: Duncan Roe Date: Mon, 6 Aug 2018 11:14:48 +1000 Subject: doc: Changes following detailed comparison with last XML version These were found by a combination of tkdiff and side-by-side man pages Most changes preserve or (occasionally) fix highlighting, casing or plurality. No major omissions were found. - data-types.txt: (Nothing special) - nft.txt: -- changed "`nft' stands for Netfilter" back to "`nf' stands for Netfilter" -- removed mysterious plus sign - payload-expression.txt: -- XML had MTU as 16-bit so changed back from 32. Is that correct? - primary-expression.txt: (Nothing special) - statements.txt: (Nothing special) This patch does not address any of the following observations: 1. Title has changed from nft to NFT 2. There is no attempt at justification. 3. There is no attempt at hyphenation. 4. Long lines of code now wrap instead of indenting nicely. See e.g. "tcp option" line under EXTENSION HEADER EXPRESSIONS 5. Tables have a lot of empty lines in them. 6. Occasionally there is severe wrapping, e.g. under CHAINS see add/create/delete/&c. which wrap at about cc40. Signed-off-by: Duncan Roe Signed-off-by: Pablo Neira Ayuso --- doc/nft.txt | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'doc/nft.txt') diff --git a/doc/nft.txt b/doc/nft.txt index 0f824a52..20ae54be 100644 --- a/doc/nft.txt +++ b/doc/nft.txt @@ -17,7 +17,7 @@ DESCRIPTION ----------- nft is the command line tool used to set up, maintain and inspect packet filtering and classification rules in the Linux kernel, in the nftables -framework. The Linux kernel subsystem is known as nf_tables, and `nft' stands +framework. The Linux kernel subsystem is known as nf_tables, and `nf' stands for Netfilter. OPTIONS 
@@ -145,12 +145,12 @@ address family the kernel contains so called hooks at specific stages of the packet processing paths, which invoke nftables if rules for these hooks exist. [horizontal] -ip:: IPv4 address family. -ip6:: IPv6 address family. -inet:: Internet (IPv4/IPv6) address family. -arp:: ARP address family, handling IPv4 ARP packets. -bridge:: Bridge address family, handling packets which traverse a bridge device. -netdev:: Netdev address family, handling packets from ingress. +*ip*:: IPv4 address family. +*ip6*:: IPv6 address family. +*inet*:: Internet (IPv4/IPv6) address family. +*arp*:: ARP address family, handling IPv4 ARP packets. +*bridge*:: Bridge address family, handling packets which traverse a bridge device. +*netdev*:: Netdev address family, handling packets from ingress. All nftables objects exist in address family specific namespaces, therefore all identifiers include an address family. If an identifier is specified without an @@ -232,7 +232,7 @@ no packet filtering will happen anymore, so the kernel accepts any valid packet it receives. *export*:: Print the ruleset in machine readable format. The mandatory 'format' -parameter may be either *xml* or *json*. +parameter may be either xml or json. It is possible to limit *list* and *flush* to a specific address family only. For a list of valid family names, see <> above. @@ -360,7 +360,7 @@ RULES replace *rule* ['family'] 'table' 'chain' handle 'handle' 'statement'... delete *rule* ['family'] 'table' 'chain' handle 'handle' -Rules are added to chain in the given table. If the family is not specified, the +Rules are added to chains in the given table. If the family is not specified, the ip family is used. Rules are constructed from two kinds of components according to a set of grammatical rules: expressions and statements. 
@@ -571,7 +571,6 @@ numbers etc. or data gathered from the packet during ruleset evaluation. Expressions can be combined using binary, logical, relational and other types of expressions to form complex or relational (match) expressions. They are also used as arguments to certain types of operations, like NAT, packet marking etc. -+ Each expression has a data type, which determines the size, parsing and representation of symbolic values and type compatibility with other expressions. @@ -717,7 +716,7 @@ filter output tcp dport == tcp dport ----------------------------- :0:0-23: Error: Could not process rule: Operation not permitted filter output oif wlan0 - ^^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^ --------------------------------- EXIT STATUS -- cgit v1.2.3
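Review bot: In the hunk at @@ -232, dropping the bold from xml and json leaves the two literal values of the 'format' parameter unmarked, while the hunk at @@ -145 in this same patch adds bold to the literal family names and the following sentence still writes *list* and *flush* in bold. If matching the old XML man page is the only reason for the change, say so in the commit message; otherwise keep "*xml* or *json*" so that literal keywords are marked the same way throughout doc/nft.txt.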
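Review bot: In the hunk at @@ -360, the new wording "Rules are added to chains in the given table" reads as if one command could target several chains, but the replace and delete syntax lines just above it each take exactly one 'chain' argument. "Rules are added to a chain in the given table" would fix the grammar of the old sentence and still agree with the synopsis.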
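Review bot: In the hunk at @@ -571, the lone "+" is deleted with nothing put in its place (7 lines become 6), so "Each expression has a data type, ..." now sits on the line directly after "... like NAT, packet marking etc." and will render as part of that paragraph. If the data-type sentence was meant to start its own paragraph, replace the "+" with an empty line instead of deleting it, and mention the intended result in the commit message, which currently only calls the plus sign "mysterious".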