DaemonForums  

Go Back   DaemonForums > Miscellaneous > General software and network

General software and network General OS-independent software and network questions, X11, MTA, routing, etc.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 22nd February 2016
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default Asciidoc

I have been playing with asciidoc for some time.

First I converted parts of the OpenBSD ksh man page to asciidoc. I ran into some trouble because I pasted from the man page text, and that gives a lot of single back ticks (`) in the text. In asciidoc the backtick delimits a command like:
Code:
`ls -l`
.
The second newbie error was forgetting to handle the asterisk '*', that is used to mark text as bold:
Quote:
For historical reasons, open and
close braces may be used instead of in and esac e.g. case $foo {
*) echo bar; }.
The HTML output coped rather well with these errors, but the PDF generation stopped in the DocBook XML conversion, because XML tags were not matched.

Then I decided to convert parts of the more simple markup of pf.conf(5). An small snippet:
Code:
The following actions can be used in the filter:

*block*::
The packet is blocked. There are a number of ways in which a *block*
rule can behave when blocking a packet. The default behaviour is
to drop packets silently, however this can be overridden or made
explicit either globally, by setting the *block-policy* option, or
on a per-rule basis with one of the following options:

    *drop*;;
        The packet is silently dropped.
    *return*;;
        This causes a TCP RST to be returned for TCP packets and
        an ICMP UNREACHABLE for other types of packets.
    *return-icmp*;;
    *return-icmp6*;;
        This causes ICMP messages to be returned for packets which
        match the rule. By default this is an ICMP UNREACHABLE
        message, however this can be overridden by specifying a
        message as a code or number.
    *return-rst*;;
        This applies only to TCP packets, and issues a TCP RST which
        closes the connection. An optional parameter, *ttl*, may
        be given with a TTL value.
+
Options returning ICMP packets currently have no effect if pf(4)
operates on a bridge(4), as the code to support this feature has
not yet been implemented.
+
The simplest mechanism to block everything by default and only pass
packets that match explicit rules is specify a first filter rule
of:
+
--------------------
        block all
--------------------

*match*::
The packet is matched. This mechanism is used to provide fine grained
filtering without altering the block/pass state of a packet. *match*
rules differ from *block* and *pass* rules in that parameters are
set every time a packet matches the rule, not only on the last
matching rule. For the following parameters, this means that the
parameter effectively becomes "sticky" until explicitly overridden:
*nat-to, binat-to, rdr-to, queue, rtable*, and *scrub*.
Attached are the asciidoc txt source, the HTML and PDF output, all in one *tgz file.
Attached Files
File Type: tgz asciidoc-pf-conf.tgz (164.2 KB, 79 views)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Tags
asciidoc, html output, markup language, pdf output

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:43 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick