Clarify needed permission to open /dev/pf et al for reading

Issue: #66 Reported by: Nikolay Khodov
2024-11-18 03:25:31 +00:00 · 2014-12-08 19:40:01 +01:00 · 2014-12-08 19:40:01 +01:00 · d6b11f61b7
commit d6b11f61b7
parent 39e9c898e5
1 changed files with 4 additions and 0 deletions
--- a/sslsplit.1
+++ b/sslsplit.1
@ -413,6 +413,8 @@ SSLsplit currently supports the following NAT engines:
 OpenBSD packet filter (pf) \fBrdr\fP/\fBrdr-to\fP NAT redirects, also available
 on FreeBSD, NetBSD and Mac OS X.
 Fully supported, including IPv6.
+Note that SSLsplit needs permission to open \fB/dev/pf\fP for reading, which by
+default means that it needs to run under \fBroot\fP privileges.
 Assuming inbound interface \fBem0\fP, first in old (FreeBSD, Mac OS X),
 then in new (OpenBSD 4.7+) syntax:
 .LP
@ -474,6 +476,8 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
 .B ipfilter
 IPFilter (ipfilter, ipf), available on many systems, including FreeBSD, NetBSD,
 Linux and Solaris.
+Note that SSLsplit needs permission to open \fB/dev/ipnat\fP for reading, which
+by default means that it needs to run under \fBroot\fP privileges.
 Only supports IPv4 due to limitations in the SIOCGNATL ioctl(2) interface.
 Assuming inbound interface \fBbge0\fP:
 .LP