Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE
cycle.

Prune svn:mergeinfo from the new branch, and rename it to RC1.

Update __FreeBSD_version.

Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and
the dvd1.iso packages population.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

mdoc: remove superfluous paragraph macros.

use .Mt to mark up email addresses consistently (part1)

PR: 191174
Submitted by: Franco Fichtner <franco@lastsummer.de>

mdoc: fix a few badly nested blocks.

Fixes to man8 groff mandoc style, usage mistakes, or typos.

PR: 168016
Submitted by: Nobuyuki Koganemaru
Approved by: gjb
MFC after: 3 days

Fix a typo.

Approved by: kib

Add exit_delay parameter to control daemon exit delay after signal.

PR: bin/58696
Submitted by: sp@alkor.ru

Improve rev. 1.63. Document -instance and -globalport options.
Add a MULTIPLE INSTANCES section which provides an example of
setting up natd in multi-instance mode (based on the notes.natd
file from phk@).

Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Reviewed by: ru

Note that the punch_fw option does not work in securelevel 3 and Xref init.8.
Bump .Dd.

PR: 41807

o Markup and grammar fixes.

Bump .Dd for r1.63; fix small nit from the same.

Add a bit more detailed description about a configuration
file format and about using NAT "instances".

Submitted by: "Andrey V. Elsukov" <bu7cher@yandex.ru>

Eliminate macro calls inside literal displays.

Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers. With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR: 55843
Reviewed by: ru
Approved by: ru
MFC after: 30 days

- Clarify the port range syntax in -redirect_port.

PR: docs/46286

- "IP number" -> "IP address", for consistency.

Added an option to specify an alternate PID file.

PR: bin/37159
Submitted by: "Aleksandr A. Babaylov" <.@babolo.ru>

If the -proxy_only option is used, the -alias_address/-interface
options are not required.

Suggested by: Vaclav Petricek
MFC after: 2 weeks

Don't pretend natd(8) doesn't work with ppp(8) interfaces.
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.

Noticed by: bde

Fixed Charles' e-mail here too.

can not -> cannot.

mdoc(7) police: canonize FreeBSD in e-mail address.

The .Nm utility

Update my email address.

s/sysctl -w/sysctl/

Make -log_ipfw_denied active by default with -verbose.

Discussed with: phk

Fixed (local) style bugs in previous revision.

Do not uselessly whine in syslog about packets denied by ipfw rules.

Set 'log_ipfw_denied' option if you want the old behaviour.

PR: 30255
Submitted by: Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by: phk
MFC after: 4 weeks

mdoc(7) police:

Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: normalize .Nd.

mdoc(7) police: split punctuation characters + misc fixes.

mdoc(7) police: use the new features of the Nm macro.

Describe -deny_incoming better, highlight some keywords,
add myself to the AUTHORS section.

more removal of trailing periods from SEE ALSO.

Suggest looking at rc.conf(5) on how to start natd(8) during boot.

Submitted by: dcs

"Ease understanding" of how -punch_fw works.

Reviewed by: sheldonh

Added new option (-punch_fw) which allows to `punch holes'
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by: Rene de Vries <rene@canyon.demon.nl>
Rewritten by: ru

- mdoc(7) style cleanup
- new version of security note from alex.

Back out both previous commits.
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.

Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.

Pointy hat: alex
Beer on next meeting: ru

Add note about security concerns w/o a firewall but other machines
on your LAN to the "RUNNING NATD" introduction.

In a different way requested by:
PR: 18802
Submitted by: Zachary K Drew <drew0054@tc.umn.edu>

mdoc style cleanup.

Reviewed by: sheldonh

Remove ``pptpalias'' since this is now done transparently by libalias(3).

Fix a small grammar nit, with the maintainer's implicit approval.

Add new option (-target_addr) to control how to deal with incoming packets
not associated with any pre-existing link.

Submitted by: brian

New option: -redirect_proto.

Load Sharing using IP Network Address Translation (RFC 2391, LSNAT).

Correct Charles Mott's email address
Requested by: cmott@scientech.com

Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.

Suggest ppp -nat, not ppp -alias

Minor grammar fix.

Fixed the description of how packets re-enter IP firewall filter.

Suggested by: Ari Suutari <ari@suutari.iki.fi>

Config file parser changes:

- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by: Ari Suutari <ari@suutari.iki.fi>

$Id$ -> $FreeBSD$

Bad cross-reference of getservbyname(2) changed to getservbyname(3)

Reviewed by: ru

Back out previous commit.

Mention that data going from one internal address to another will
not be processed by natd.
Requested by: Ludwig Pummer <ludwigp@bigfoot.com>

/sbin/natd portrange documentation and bugfix
Submitted by: Ruslan Ermilov <ru@ucb.crimea.ua>
PR: 11690

3.2 candidate ?

Add a comment that natd is made for use with NICs, not PPP links - I'm
tired of the five people each day that ask me how to set up natd for
use with PPP.

Upgrade (almost) to natd 2.0b1

- Transparent proxy support.
- PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead.
- Drop support for early FreeBSD 2.2 versions
- If separate input & output sockets are being used
use them to find out packet direction instead of
normal mechanism. This can be handy in complex environments
with multiple interfaces.
- PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added.
- Logging enhancements from Martin Machacek <mm@i.cz> added.

Obtained from: Ari Suutari <ari@suutari.iki.fi>

Fix inconsistent port numbering in man page.

PR: 7250
Submitted-by: Norihiro Kumagai <kuma@jp.freebsd.org>

Add $Id$.

PR: 7249

Suggest port 8668 rather than 6668 for natd.
6668 is IRC.

Fix incorrect flag spec
PR: 6339 (part of)
Submitted by: Chris Dillon <cdillon@wolves.k12.mo.us>

.Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq.

Make it clear that aliasing is done on the public interface, not
the private one.

Add -redirect_port and -redirect_address to the
synopsis.

Use err(3). Change firewall to firewall_enable in man page according to
/etc/rc.conf.

Sort cross refereces in section SEE ALSO.

Typo.

Fix my e-mail address. Old work addres is no good.

- Buffer space problem found by Sergio Lenzi <lenzi@bsi.com.br>
fixed. Natd now waits with select(2) for buffer space
to become available if write fails.
- Packet aliasing library upgraded to 2.2.

Submitted by: Ari Suutari <suutari@iki.fi>

Suggest using /etc/services entry rather than a
number in the "ipfw add divert" example.

sysconfig -> rc.conf

This commit was generated by cvs2svn to compensate for changes in r26781,
which included commits to RCS files with non-trunk default branches.

Bring natd into main source tree now that the
pppd/natd combination works ok.

Submitted by: Ari Suutari <ari.suutari@ps.carel.fi>