Thread: Asciidoc
Posted 22nd February 2016 by J65nko

I have been playing with asciidoc for some time.

First I converted parts of the OpenBSD ksh man page to asciidoc. I ran into some trouble because I pasted from the man page text, and that gives a lot of single backticks (`) in the text. In asciidoc the backtick delimits a command like:
Code:
`ls -l`
The second newbie error was forgetting to handle the asterisk '*', which is used to mark text as bold:
Quote:
For historical reasons, open and
close braces may be used instead of in and esac e.g. case $foo {
*) echo bar; }.
The HTML output coped rather well with these errors, but the PDF generation stopped in the DocBook XML conversion, because XML tags were not matched.

Then I decided to convert parts of the simpler markup of pf.conf(5). A small snippet:
Code:
The following actions can be used in the filter:

*block*::
The packet is blocked. There are a number of ways in which a *block*
rule can behave when blocking a packet. The default behaviour is
to drop packets silently, however this can be overridden or made
explicit either globally, by setting the *block-policy* option, or
on a per-rule basis with one of the following options:

    *drop*;;
        The packet is silently dropped.
    *return*;;
        This causes a TCP RST to be returned for TCP packets and
        an ICMP UNREACHABLE for other types of packets.
    *return-icmp*;;
    *return-icmp6*;;
        This causes ICMP messages to be returned for packets which
        match the rule. By default this is an ICMP UNREACHABLE
        message, however this can be overridden by specifying a
        message as a code or number.
    *return-rst*;;
        This applies only to TCP packets, and issues a TCP RST which
        closes the connection. An optional parameter, *ttl*, may
        be given with a TTL value.
+
Options returning ICMP packets currently have no effect if pf(4)
operates on a bridge(4), as the code to support this feature has
not yet been implemented.
+
The simplest mechanism to block everything by default and only pass
packets that match explicit rules is specify a first filter rule
of:
+
--------------------
        block all
--------------------

*match*::
The packet is matched. This mechanism is used to provide fine grained
filtering without altering the block/pass state of a packet. *match*
rules differ from *block* and *pass* rules in that parameters are
set every time a packet matches the rule, not only on the last
matching rule. For the following parameters, this means that the
parameter effectively becomes "sticky" until explicitly overridden:
*nat-to, binat-to, rdr-to, queue, rtable*, and *scrub*.
Attached are the asciidoc txt source, the HTML and PDF output, all in one *tgz file.
Attached Files
File Type: tgz asciidoc-pf-conf.tgz (164.2 KB, 81 views)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
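A pre-processing filter for the two pitfalls described in the post (stray backticks and asterisks in pasted man page text), added here as an example and not part of the original post. It assumes the asciidoc toolchain in use provides the `{asterisk}` and `{backtick}` attribute references; the function name `neutralise` and the sample text are constructed for illustration.

```python
import re

# Delimiter lines of AsciiDoc listing (----) and literal (....) blocks;
# inline quoting is not applied inside them, so they are left untouched.
_VERBATIM_DELIM = re.compile(r"^(-{4,}|\.{4,})$")

# The two characters the post reports as troublesome, mapped to attribute
# references (assumed to be defined by the asciidoc toolchain in use).
_REPLACEMENTS = {"*": "{asterisk}", "`": "{backtick}"}
_QUOTE_CHARS = re.compile(r"[*`]")


def neutralise(text):
    """Return (safe_text, findings) for plain text pasted from a man page.

    findings lists (line_number, character, count) for every line outside
    a verbatim block where a character was replaced.
    """
    out, findings = [], []
    open_delim = None  # delimiter of the verbatim block we are inside
    for number, line in enumerate(text.splitlines(), start=1):
        bare = line.rstrip()
        if open_delim is not None:
            # Inside a verbatim block: copy as-is until the same delimiter.
            if bare == open_delim:
                open_delim = None
            out.append(line)
            continue
        if _VERBATIM_DELIM.match(bare):
            open_delim = bare
            out.append(line)
            continue
        for char in _REPLACEMENTS:
            count = line.count(char)
            if count:
                findings.append((number, char, count))
        out.append(_QUOTE_CHARS.sub(lambda m: _REPLACEMENTS[m.group()], line))
    return "\n".join(out), findings


# Constructed sample: the ksh sentence quoted in the post, a man-page style
# `quote', and a listing block that must pass through unchanged.
SAMPLE = """\
close braces may be used instead of in and esac e.g. case $foo {
*) echo bar; }. Pasted quotes look like `this'.
----
case $foo in *) echo bar;; esac
----
"""
```

Run it on the raw pasted text before adding any deliberate markup such as `*block*`, since it replaces every asterisk and backtick outside listing and literal blocks.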