Correct examples for stateful inspection

PR: 47817 Submitted by: Simon L.Nielsen <simon@nitro.dk> Reviewed by: ceri, luigi
author: brueffer <brueffer@FreeBSD.org> 2003-02-04 01:33:25 +0000
committer: brueffer <brueffer@FreeBSD.org> 2003-02-04 01:33:25 +0000
commit: cbd85a777d713a4108df2835eb5a1ef0027f0433 (patch)
tree: 8f93bae6f39941d885294bd253c4cc001f69dc83 /sbin/ipfw
parent: f2d3e8e22c98806ae4a9cc529bc7cab78301faab (diff)
download: FreeBSD-src-cbd85a777d713a4108df2835eb5a1ef0027f0433.zip
FreeBSD-src-cbd85a777d713a4108df2835eb5a1ef0027f0433.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 34e5012..6744ab4 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1212,7 +1212,7 @@ dynamic rule for the flow so that packets belonging to that session
 will be allowed through the firewall:
 .Pp
 .Dl "ipfw add check-state"
-.Dl "ipfw add allow tcp from my-subnet to any setup"
+.Dl "ipfw add allow tcp from my-subnet to any setup keep-state"
 .Dl "ipfw add deny tcp from any to any"
 .Pp
 A similar approach can be used for UDP, where an UDP packet coming
@@ -1220,7 +1220,7 @@ from the inside will install a dynamic rule to let the response through
 the firewall:
 .Pp
 .Dl "ipfw add check-state"
-.Dl "ipfw add allow udp from my-subnet to any"
+.Dl "ipfw add allow udp from my-subnet to any keep-state"
 .Dl "ipfw add deny udp from any to any"
 .Pp
 Dynamic rules expire after some time, which depends on the status
author	brueffer <brueffer@FreeBSD.org>	2003-02-04 01:33:25 +0000
committer	brueffer <brueffer@FreeBSD.org>	2003-02-04 01:33:25 +0000
commit	cbd85a777d713a4108df2835eb5a1ef0027f0433 (patch)
tree	8f93bae6f39941d885294bd253c4cc001f69dc83 /sbin/ipfw
parent	f2d3e8e22c98806ae4a9cc529bc7cab78301faab (diff)
download	FreeBSD-src-cbd85a777d713a4108df2835eb5a1ef0027f0433.zip FreeBSD-src-cbd85a777d713a4108df2835eb5a1ef0027f0433.tar.gz