diff mbox series

[2/3] doc: remove duplicate tables in synproxy example

Message ID 777bd19f84d96590e4000a821146874d92462142.1615108958.git.simon@ruderich.org
State Accepted
Delegated to: Pablo Neira

Commit Message

Simon Ruderich March 7, 2021, 9:51 a.m. UTC
The "outcome ruleset" is the same as the two tables in the example.
Don't duplicate this information which just wastes space in the
documentation and can confuse the reader (it took me a while to realize
the tables are the same).

In addition, use the same table name for both tables to make it clear
that they can be the same. They will be merged in the resulting ruleset.

Signed-off-by: Simon Ruderich <simon@ruderich.org>
---
 doc/statements.txt | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

Patch

diff --git a/doc/statements.txt b/doc/statements.txt
index aac7c7d6..7bb538a9 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -567,28 +567,13 @@  drop incorrect cookies. Flags combinations not expected during  3WHS will not
 match and continue (e.g. SYN+FIN, SYN+ACK). Finally, drop invalid packets, this
 will be out-of-flow packets that were not matched by SYNPROXY.
 
-    table ip foo {
+    table ip x {
             chain z {
                     type filter hook input priority filter; policy accept;
                     ct state { invalid, untracked } synproxy mss 1460 wscale 9 timestamp sack-perm
                     ct state invalid drop
             }
     }
-
-The outcome ruleset of the steps above should be similar to the one below.
-
-	table ip x {
-		chain y {
-			type filter hook prerouting priority raw; policy accept;
-	                tcp flags syn notrack
-		}
-
-		chain z {
-			type filter hook input priority filter; policy accept;
-	                ct state { invalid, untracked } synproxy mss 1460 wscale 9 timestamp sack-perm
-		        ct state invalid drop
-	        }
-	}
 ---------------------------------------
 
 FLOW STATEMENT
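Review bot: at the renamed `table ip x {` line, the document now depends on the reader knowing that two blocks declaring the same table are merged, but that is stated only in the commit message and not in doc/statements.txt itself. The removed "outcome ruleset" listing was the only place where the text showed chain y (`tcp flags syn notrack`) and chain z (the `synproxy` rule) side by side in one table. I would add one sentence before this block saying that both snippets use `table ip x` and end up in a single table, so the example still makes clear that the synproxy rule depends on the notrack rule in the other chain.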