doc: lint man pages (hyphens and spelling)

* hyphen-used-as-minus-sign
* spelling-error-in-manpage

diff --git a/extensions/libxt_DNETMAP.man b/extensions/libxt_DNETMAP.man
index 6b279e27e643d5e59bd4c9a41dbeb2be1bdeb860..10c77ac03601269f6eb0de1e1864c00e97d544a4 100644 (file)
--- a/extensions/libxt_DNETMAP.man
+++ b/extensions/libxt_DNETMAP.man
@@ -64,12 +64,12 @@ Removes binding with \fIIP\fR as prenat or postnat address. If removed binding
 is currently static, it'll make entry available for dynamic allocation.
 .TP
 echo "+persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
-Sets persistent flag for prefix. It's usefull if you don't want bindings to get
+Sets persistent flag for prefix. It's useful if you don't want bindings to get
 flushed when firewall is restarted. You can check if prefix is persistent by
 printing \fB/proc/net/xt_DNETMAP/\fR\fIsubnet\fR\fB_\fR\fImask\fR\fB_stat\fR
 contents.
 .TP
-echo "-persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
+echo "\-persistent" > \fB/proc/net/xt_DNETMAP/subnet_mask\fR
 Unsets persistent flag for prefix. In this mode prefix will be deleted if the
 last iptables rule for that prefix is removed.
 .TP
@@ -90,7 +90,7 @@ using \fBdisable_log\fR module parameter.
 
 \fB1.\fR Map subnet 192.168.0.0/24 to subnets 20.0.0.0/26. SNAT only:
 
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
 
 Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26. If packet
 from not yet bound prenat-ip hits the rule and there are no free or timed-out
@@ -101,10 +101,10 @@ bindings ttl value is regenerated to default_ttl and SNAT is performed.
 \fB2.\fR Use of \fB\-\-reuse\fR and \fB\-\-ttl\fR switches, multiple rule
 interaction:
 
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix
-20.0.0.0/26 --reuse --ttl 200
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix
+20.0.0.0/26 \-\-reuse \-\-ttl 200
 
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 30.0.0.0/26
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 30.0.0.0/26
 
 Active hosts from 192.168.0.0/24 subnet are mapped to 20.0.0.0/26 with ttl =
 200 seconds. If there are no free addresses in first prefix the next one
@@ -117,9 +117,9 @@ If both subnets are exhaused, then chain traversal continues.
 
 \fB3.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 bidirectional way:
 
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
 
-iptables -t nat -A PREROUTING -j DNETMAP
+iptables \-t nat \-A PREROUTING \-j DNETMAP
 
 If host 192.168.0.10 generates some traffic, it gets bound to first free IP in
 subnet - 20.0.0.0. Now any traffic directed to 20.0.0.0 gets DNATed to
@@ -130,8 +130,8 @@ DNAT work for specific prefix only.
 
 \fB4.\fR Map 192.168.0.0/24 to subnets 20.0.0.0/26 with static assignments only:
 
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26
---static
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
+\-\-static
 
 echo "+192.168.0.10:20.0.0.1" > /proc/net/xt_DNETMAP/20.0.0.0_26
 .br
@@ -145,12 +145,12 @@ using non-static entries.
 
 \fB5.\fR Persistent prefix:
 
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26
---persistent
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
+\-\-persistent
 .br
 \fBor\fR
 .br
-iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j DNETMAP --prefix 20.0.0.0/26
+iptables \-t nat \-A POSTROUTING \-s 192.168.0.0/24 \-j DNETMAP \-\-prefix 20.0.0.0/26
 .br
 echo "+persistent" > /proc/net/xt_DNETMAP/20.0.0.0_26
 
@@ -162,11 +162,11 @@ cat /proc/net/xt_DNETMAP/20.0.0.0_26
 
 Flush iptables nat table and see that prefix is still in existence:
 .br
-iptables -F -t nat
+iptables \-F \-t nat
 .br
-ls -l /proc/net/xt_DNETMAP
+ls \-l /proc/net/xt_DNETMAP
 .br
--rw-r--r-- 1 root root 0 06-10 09:01 20.0.0.0_26
+\-rw\-r\-\-r\-\- 1 root root 0 06\-10 09:01 20.0.0.0_26
 .br
--rw-r--r-- 1 root root 0 06-10 09:01 20.0.0.0_26_stat
+\-rw\-r\-\-r\-\- 1 root root 0 06\-10 09:01 20.0.0.0_26_stat
 .

diff --git a/extensions/libxt_geoip.man b/extensions/libxt_geoip.man
index fc966df9e26744aeea95efa9dc858d679fb0faed..f5e71c7e8e2657299c3b8682cbc4272ff637ac8b 100644 (file)
--- a/extensions/libxt_geoip.man
+++ b/extensions/libxt_geoip.man
@@ -15,8 +15,8 @@ with the source package, and which should be available in compiled packages in
 /usr/lib(exec)/xtables-addons/. The first command retrieves CSV files from
 MaxMind, while the other two build packed bisectable range files:
 .PP
-mkdir -p /usr/share/xt_geoip; cd /tmp; $path/to/xt_geoip_dl;
+mkdir \-p /usr/share/xt_geoip; cd /tmp; $path/to/xt_geoip_dl;
 .PP
-$path/to/xt_geoip_build -D /usr/share/xt_geoip GeoIP*.csv;
+$path/to/xt_geoip_build \-D /usr/share/xt_geoip GeoIP*.csv;
 .PP
 The shared library is hardcoded to look in these paths, so use them.

diff --git a/extensions/libxt_lscan.man b/extensions/libxt_lscan.man
index 4ec6ec00bba542e584aa8ddb8a2fb1bf07d3138f..e0408df1141b09d6f755b38a3146dbb5c4f2c6eb 100644 (file)
--- a/extensions/libxt_lscan.man
+++ b/extensions/libxt_lscan.man
@@ -1,4 +1,4 @@
-Detects simple low-level scan attemps based upon the packet's contents.
+Detects simple low-level scan attempts based upon the packet's contents.
 (This is
 different from other implementations, which also try to match the rate of new
 connections.) Note that an attempt is only discovered after it has been carried

diff --git a/extensions/pknock/libxt_pknock.man b/extensions/pknock/libxt_pknock.man
index c57d1c96ed6319e136c02ee0132fe4f78425106b..9ac361cb1794017e350de907bc36880007c63606 100644 (file)
--- a/extensions/pknock/libxt_pknock.man
+++ b/extensions/pknock/libxt_pknock.man
@@ -15,10 +15,10 @@ modprobe xt_pknock
 .PP
 Example 1 (TCP mode, manual closing of opened port not possible):
 .IP
-iptables -P INPUT DROP
+iptables \-P INPUT DROP
 .IP
-iptables -A INPUT -p tcp -m pknock --knockports 4002,4001,4004 --strict
---name SSH --time 10 --autoclose 60 --dport 22 -j ACCEPT
+iptables \-A INPUT \-p tcp \-m pknock \-\-knockports 4002,4001,4004 \-\-strict
+\-\-name SSH \-\-time 10 \-\-autoclose 60 \-\-dport 22 \-j ACCEPT
 .PP
 The rule will allow tcp port 22 for the attempting IP address after the successful reception of TCP SYN packets
 to ports 4002, 4001 and 4004, in this order (a.k.a. port-knocking).
@@ -33,10 +33,10 @@ Example 2 (UDP mode \(em non-replayable and non-spoofable, manual closing
 of opened port possible, secure, also called "SPA" = Secure Port
 Authorization):
 .IP
-iptables -A INPUT -p udp -m pknock --knockports 4000 --name FTP
---opensecret foo --closesecret bar --autoclose 240 -j DROP
+iptables \-A INPUT \-p udp \-m pknock \-\-knockports 4000 \-\-name FTP
+\-\-opensecret foo \-\-closesecret bar \-\-autoclose 240 \-j DROP
 .IP
-iptables -A INPUT -p tcp -m pknock --checkip --name FTP --dport 21 -j ACCEPT
+iptables \-A INPUT \-p tcp \-m pknock \-\-checkip \-\-name FTP \-\-dport 21 \-j ACCEPT
 .PP
 The first rule will create an "ALLOWED" record in /proc/net/xt_pknock/FTP after
 the successful reception of an UDP packet to port 4000. The packet payload must be

diff --git a/geoip/xt_geoip_build.1 b/geoip/xt_geoip_build.1
index 3118787950677093dcd62f10449244a9f4ebcd17..9e64fdd509ef41bb3da95ae233da66372f9c90b5 100644 (file)
--- a/geoip/xt_geoip_build.1
+++ b/geoip/xt_geoip_build.1
@@ -29,7 +29,7 @@ Specify a target directory into which the files are to be put.
 .PP
 Shell commands to build the databases and put them to where they are expected:
 .PP
-xt_geoip_build -D /usr/share/xt_geoip
+xt_geoip_build \-D /usr/share/xt_geoip
 .SH See also
 .PP
 xt_geoip_dl(1)