From dff20b501044d0ff414fcfdcf2f70b52817b235f Mon Sep 17 00:00:00 2001 From: Ben Smithurst Date: Thu, 16 Nov 2000 14:21:50 +0000 Subject: [PATCH] Update the syntax of filtering commands. PR: 22088 Submitted by: John Murphy Reviewed by: nik --- en_US.ISO8859-1/books/ppp-primer/book.sgml | 88 ++++++++++----------- en_US.ISO_8859-1/books/ppp-primer/book.sgml | 88 ++++++++++----------- 2 files changed, 88 insertions(+), 88 deletions(-) diff --git a/en_US.ISO8859-1/books/ppp-primer/book.sgml b/en_US.ISO8859-1/books/ppp-primer/book.sgml index 38f7f14e7f..66e5d87e8f 100644 --- a/en_US.ISO8859-1/books/ppp-primer/book.sgml +++ b/en_US.ISO8859-1/books/ppp-primer/book.sgml @@ -14,7 +14,7 @@ -$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.3 2000/04/30 22:18:21 nik Exp $ +$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.4 2000/07/26 01:14:22 ben Exp $ This is a step-by-step guide for configuring FreeBSD systems to act as a dial-up router/gateway in a Local Area Environment. All entries may @@ -2214,7 +2214,7 @@ the PPP program: -afilter - Access Counter (or "Keep Alive") filters +alive filter - Access Counter (or "Keep Alive") filters These control which events are ignored by the set timeout= @@ -2222,7 +2222,7 @@ statement in the configuration file. -dfilter - Dialing filters +dial filter - Dialing filters These filtering rules control which events are ignored by the @@ -2230,7 +2230,7 @@ demand-dial mode of PPP. -ifilter - Input filters +in filter - Input filters Control whether incoming packets should be discarded or passed into @@ -2238,7 +2238,7 @@ the system. -ofilter - Output filters +out filter - Output filters Control whether outgoing packets should be discarded or passed into 
@@ -2257,83 +2257,83 @@ briefly describe the logic of each rule set: # KeepAlive filters # Don't keep Alive with ICMP,DNS and RIP packet # - set afilter 0 deny icmp - set afilter 1 deny udp src eq 53 - set afilter 2 deny udp dst eq 53 - set afilter 3 deny udp src eq 520 - set afilter 4 deny udp dst eq 520 - set afilter 5 permit 0/0 0/0 + set filter alive 0 deny icmp + set filter alive 1 deny udp src eq 53 + set filter alive 2 deny udp dst eq 53 + set filter alive 3 deny udp src eq 520 + set filter alive 4 deny udp dst eq 520 + set filter alive 5 permit 0/0 0/0 # # Dial Filters: # Note: ICMP will trigger a dial-out in this configuration! # - set dfilter 0 permit 0/0 0/0 + set filter dial 0 permit 0/0 0/0 # # Allow ident packet pass through # - set ifilter 0 permit tcp dst eq 113 - set ofilter 0 permit tcp src eq 113 + set filter in 0 permit tcp dst eq 113 + set filter out 0 permit tcp src eq 113 # # Allow telnet connection to the Internet # - set ifilter 1 permit tcp src eq 23 estab - set ofilter 1 permit tcp dst eq 23 + set filter in 1 permit tcp src eq 23 estab + set filter out 1 permit tcp dst eq 23 # # Allow ftp access to the Internet # - set ifilter 2 permit tcp src eq 21 estab - set ofilter 2 permit tcp dst eq 21 - set ifilter 3 permit tcp src eq 20 dst gt 1023 - set ofilter 3 permit tcp dst eq 20 + set filter in 2 permit tcp src eq 21 estab + set filter out 2 permit tcp dst eq 21 + set filter in 3 permit tcp src eq 20 dst gt 1023 + set filter out 3 permit tcp dst eq 20 # # Allow access to DNS lookups # - set ifilter 4 permit udp src eq 53 - set ofilter 4 permit udp dst eq 53 + set filter in 4 permit udp src eq 53 + set filter out 4 permit udp dst eq 53 # # Allow DNS Zone Transfers # - set ifilter 5 permit tcp src eq 53 - set ofilter 5 permit tcp dst eq 53 + set filter in 5 permit tcp src eq 53 + set filter out 5 permit tcp dst eq 53 # # Allow access from/to local network # - set ifilter 6 permit 0/0 192.168.1.0/24 - set ofilter 6 permit 192.168.1.0/24 0/0 + 
set filter in 6 permit 0/0 192.168.1.0/24 + set filter out 6 permit 192.168.1.0/24 0/0 # # Allow ping and traceroute response # - set ifilter 7 permit icmp - set ofilter 7 permit icmp - set ifilter 8 permit udp dst gt 33433 - set ofilter 9 permit udp dst gt 33433 + set filter in 7 permit icmp + set filter out 7 permit icmp + set filter in 8 permit udp dst gt 33433 + set filter out 9 permit udp dst gt 33433 # # Allow cvsup # - set ifilter 9 permit tcp src eq 5998 - set ofilter 9 permit tcp dst eq 5998 - set ifilter 10 permit tcp src eq 5999 - set ofilter 10 permit tcp dst eq 5999 + set filter in 9 permit tcp src eq 5998 + set filter out 9 permit tcp dst eq 5998 + set filter in 10 permit tcp src eq 5999 + set filter out 10 permit tcp dst eq 5999 # # Allow NTP for Time Synchronization # - set ifilter 11 permit tcp src eq 123 dst eq 123 - set ofilter 11 permit tcp src eq 123 dst eq 123 - set ifilter 12 permit udp src eq 123 dst eq 123 - set ofilter 12 permit udp src eq 123 dst eq 123 + set filter in 11 permit tcp src eq 123 dst eq 123 + set filter out 11 permit tcp src eq 123 dst eq 123 + set filter in 12 permit udp src eq 123 dst eq 123 + set filter out 12 permit udp src eq 123 dst eq 123 # # SMTP'd be a good idea! # - set ifilter 13 permit tcp src eq 25 - set ofilter 13 permit tcp dst eq 25 + set filter in 13 permit tcp src eq 25 + set filter out 13 permit tcp dst eq 25 # # # We use a lot of `whois`, let's pass that # - set ifilter 14 permit tcp src eq 43 - set ofilter 14 permit tcp dst eq 43 - set ifilter 15 permit udp src eq 43 - set ofilter 15 permit udp dst eq 43 + set filter in 14 permit tcp src eq 43 + set filter out 14 permit tcp dst eq 43 + set filter in 15 permit udp src eq 43 + set filter out 15 permit udp dst eq 43 # # If none of above rules matches, then packet is blocked. #------- diff --git a/en_US.ISO_8859-1/books/ppp-primer/book.sgml b/en_US.ISO_8859-1/books/ppp-primer/book.sgml index 38f7f14e7f..66e5d87e8f 100644 
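Review bot: In the "Allow ping and traceroute response" block the outbound rule is still numbered 9 (`set filter out 9 permit udp dst gt 33433`), and the cvsup block right below it defines `set filter out 9 permit tcp dst eq 5998`, so out rule 8 is never set. If a later `set filter` with the same rule number replaces the earlier one, which looks likely but should be confirmed against ppp(8), the outbound traceroute rule is silently dropped from the sample. The numbering predates this commit, but since every rule line is rewritten here I would change it to `set filter out 8 permit udp dst gt 33433` so it pairs with `set filter in 8`. The identical hunk for en_US.ISO_8859-1/books/ppp-primer/book.sgml carries the same line. Separately, several inbound rules match only on the source port, which the remote sender chooses (for example `set filter in 4 permit udp src eq 53`), so a comment such as `# NOTE: source-port matches are not authentication; tighten with dst/estab where possible` would help readers who copy the listing.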
--- a/en_US.ISO_8859-1/books/ppp-primer/book.sgml +++ b/en_US.ISO_8859-1/books/ppp-primer/book.sgml @@ -14,7 +14,7 @@ -$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.3 2000/04/30 22:18:21 nik Exp $ +$FreeBSD: doc/en_US.ISO_8859-1/books/ppp-primer/book.sgml,v 1.4 2000/07/26 01:14:22 ben Exp $ This is a step-by-step guide for configuring FreeBSD systems to act as a dial-up router/gateway in a Local Area Environment. All entries may @@ -2214,7 +2214,7 @@ the PPP program: -afilter - Access Counter (or "Keep Alive") filters +alive filter - Access Counter (or "Keep Alive") filters These control which events are ignored by the set timeout= @@ -2222,7 +2222,7 @@ statement in the configuration file. -dfilter - Dialing filters +dial filter - Dialing filters These filtering rules control which events are ignored by the @@ -2230,7 +2230,7 @@ demand-dial mode of PPP. -ifilter - Input filters +in filter - Input filters Control whether incoming packets should be discarded or passed into @@ -2238,7 +2238,7 @@ the system. -ofilter - Output filters +out filter - Output filters Control whether outgoing packets should be discarded or passed into 
@@ -2257,83 +2257,83 @@ briefly describe the logic of each rule set: # KeepAlive filters # Don't keep Alive with ICMP,DNS and RIP packet # - set afilter 0 deny icmp - set afilter 1 deny udp src eq 53 - set afilter 2 deny udp dst eq 53 - set afilter 3 deny udp src eq 520 - set afilter 4 deny udp dst eq 520 - set afilter 5 permit 0/0 0/0 + set filter alive 0 deny icmp + set filter alive 1 deny udp src eq 53 + set filter alive 2 deny udp dst eq 53 + set filter alive 3 deny udp src eq 520 + set filter alive 4 deny udp dst eq 520 + set filter alive 5 permit 0/0 0/0 # # Dial Filters: # Note: ICMP will trigger a dial-out in this configuration! # - set dfilter 0 permit 0/0 0/0 + set filter dial 0 permit 0/0 0/0 # # Allow ident packet pass through # - set ifilter 0 permit tcp dst eq 113 - set ofilter 0 permit tcp src eq 113 + set filter in 0 permit tcp dst eq 113 + set filter out 0 permit tcp src eq 113 # # Allow telnet connection to the Internet # - set ifilter 1 permit tcp src eq 23 estab - set ofilter 1 permit tcp dst eq 23 + set filter in 1 permit tcp src eq 23 estab + set filter out 1 permit tcp dst eq 23 # # Allow ftp access to the Internet # - set ifilter 2 permit tcp src eq 21 estab - set ofilter 2 permit tcp dst eq 21 - set ifilter 3 permit tcp src eq 20 dst gt 1023 - set ofilter 3 permit tcp dst eq 20 + set filter in 2 permit tcp src eq 21 estab + set filter out 2 permit tcp dst eq 21 + set filter in 3 permit tcp src eq 20 dst gt 1023 + set filter out 3 permit tcp dst eq 20 # # Allow access to DNS lookups # - set ifilter 4 permit udp src eq 53 - set ofilter 4 permit udp dst eq 53 + set filter in 4 permit udp src eq 53 + set filter out 4 permit udp dst eq 53 # # Allow DNS Zone Transfers # - set ifilter 5 permit tcp src eq 53 - set ofilter 5 permit tcp dst eq 53 + set filter in 5 permit tcp src eq 53 + set filter out 5 permit tcp dst eq 53 # # Allow access from/to local network # - set ifilter 6 permit 0/0 192.168.1.0/24 - set ofilter 6 permit 192.168.1.0/24 0/0 + 
set filter in 6 permit 0/0 192.168.1.0/24 + set filter out 6 permit 192.168.1.0/24 0/0 # # Allow ping and traceroute response # - set ifilter 7 permit icmp - set ofilter 7 permit icmp - set ifilter 8 permit udp dst gt 33433 - set ofilter 9 permit udp dst gt 33433 + set filter in 7 permit icmp + set filter out 7 permit icmp + set filter in 8 permit udp dst gt 33433 + set filter out 9 permit udp dst gt 33433 # # Allow cvsup # - set ifilter 9 permit tcp src eq 5998 - set ofilter 9 permit tcp dst eq 5998 - set ifilter 10 permit tcp src eq 5999 - set ofilter 10 permit tcp dst eq 5999 + set filter in 9 permit tcp src eq 5998 + set filter out 9 permit tcp dst eq 5998 + set filter in 10 permit tcp src eq 5999 + set filter out 10 permit tcp dst eq 5999 # # Allow NTP for Time Synchronization # - set ifilter 11 permit tcp src eq 123 dst eq 123 - set ofilter 11 permit tcp src eq 123 dst eq 123 - set ifilter 12 permit udp src eq 123 dst eq 123 - set ofilter 12 permit udp src eq 123 dst eq 123 + set filter in 11 permit tcp src eq 123 dst eq 123 + set filter out 11 permit tcp src eq 123 dst eq 123 + set filter in 12 permit udp src eq 123 dst eq 123 + set filter out 12 permit udp src eq 123 dst eq 123 # # SMTP'd be a good idea! # - set ifilter 13 permit tcp src eq 25 - set ofilter 13 permit tcp dst eq 25 + set filter in 13 permit tcp src eq 25 + set filter out 13 permit tcp dst eq 25 # # # We use a lot of `whois`, let's pass that # - set ifilter 14 permit tcp src eq 43 - set ofilter 14 permit tcp dst eq 43 - set ifilter 15 permit udp src eq 43 - set ofilter 15 permit udp dst eq 43 + set filter in 14 permit tcp src eq 43 + set filter out 14 permit tcp dst eq 43 + set filter in 15 permit udp src eq 43 + set filter out 15 permit udp dst eq 43 # # If none of above rules matches, then packet is blocked. #-------