Fixed the description of how packets re-enter IP firewall filter.

Suggested by: Ari Suutari <ari@suutari.iki.fi>
author: ru <ru@FreeBSD.org> 1999-10-06 09:26:39 +0000
committer: ru <ru@FreeBSD.org> 1999-10-06 09:26:39 +0000
commit: 3fe86c67fed4305f82703d63da9af518f6a59e4c (patch)
tree: 67c78c31e1b0430681c9be2f1d7f1962947d9967 /sbin/natd
parent: e55257e52f2fca9aaf9350ae634efaff4d28ea1a (diff)
download: FreeBSD-src-3fe86c67fed4305f82703d63da9af518f6a59e4c.zip
FreeBSD-src-3fe86c67fed4305f82703d63da9af518f6a59e4c.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/sbin/natd/natd.8 b/sbin/natd/natd.8
index 6ca4595..42b4be4 100644
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@@ -393,10 +393,13 @@ and assumes that you've updated
 with the natd entry as above.  If you specify real firewall rules, it's
 best to specify line 2 at the start of the script so that
 .Nm
-sees all packets before they are dropped by the firewall.  The firewall
-rules will be run again on each packet after translation by
+sees all packets before they are dropped by the firewall.
+.Pp
+After translation by
 .Nm natd ,
-minus any divert rules.
+packets re-enter the firewall at the rule number following the rule number
+that caused the diversion (not the next rule if there are several at the
+same number).
 
 .It
 Enable your firewall by setting
author	ru <ru@FreeBSD.org>	1999-10-06 09:26:39 +0000
committer	ru <ru@FreeBSD.org>	1999-10-06 09:26:39 +0000
commit	3fe86c67fed4305f82703d63da9af518f6a59e4c (patch)
tree	67c78c31e1b0430681c9be2f1d7f1962947d9967 /sbin/natd
parent	e55257e52f2fca9aaf9350ae634efaff4d28ea1a (diff)
download	FreeBSD-src-3fe86c67fed4305f82703d63da9af518f6a59e4c.zip FreeBSD-src-3fe86c67fed4305f82703d63da9af518f6a59e4c.tar.gz