Merge from head

author: sjg <sjg@FreeBSD.org> 2013-09-05 20:18:59 +0000
committer: sjg <sjg@FreeBSD.org> 2013-09-05 20:18:59 +0000
commit: 62bb1062226d3ce6a2350808256a25508978352d (patch)
tree: 22b131dceb13c3df96da594fbaadb693504797c7 /sbin/ipfw/ipfw.8
parent: 72ab90509b3a51ab361bf710338f2ef44a4e360d (diff)
parent: 04932445481c2cb89ff69a83b961bdef3d64757e (diff)
download: FreeBSD-src-62bb1062226d3ce6a2350808256a25508978352d.zip
FreeBSD-src-62bb1062226d3ce6a2350808256a25508978352d.tar.gz
1 files changed, 0 insertions, 10 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 2047385..65fa334 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -3049,16 +3049,6 @@ option could be used to (re)mark user traffic,
 by adding the following to the appropriate place in ruleset:
 .Pp
 .Dl "ipfw add setdscp be ip from any to any dscp af11,af21"
-.Pp
-This rule drops all incoming packets that appear to be coming from another
-directly connected system but on the wrong interface.
-For example, a packet with a source address of
-.Li 192.168.0.0/24 ,
-configured on
-.Li fxp0 ,
-but coming in on
-.Li fxp1
-would be dropped.
 .Ss DYNAMIC RULES
 In order to protect a site from flood attacks involving fake
 TCP packets, it is safer to use dynamic rules:
author	sjg <sjg@FreeBSD.org>	2013-09-05 20:18:59 +0000
committer	sjg <sjg@FreeBSD.org>	2013-09-05 20:18:59 +0000
commit	62bb1062226d3ce6a2350808256a25508978352d (patch)
tree	22b131dceb13c3df96da594fbaadb693504797c7 /sbin/ipfw/ipfw.8
parent	72ab90509b3a51ab361bf710338f2ef44a4e360d (diff)
parent	04932445481c2cb89ff69a83b961bdef3d64757e (diff)
download	FreeBSD-src-62bb1062226d3ce6a2350808256a25508978352d.zip FreeBSD-src-62bb1062226d3ce6a2350808256a25508978352d.tar.gz