Mention IPFIREWALL_DEFAULT_TO_ACCEPT and it's effect on rule 65535.

1 files changed, 6 insertions, 3 deletions

diff --git a/share/man/man4/ipfirewall.4 b/share/man/man4/ipfirewall.4
index 9ad1ee3..2e9d124 100644
--- a/share/man/man4/ipfirewall.4
+++ b/share/man/man4/ipfirewall.4
@@ -1,5 +1,5 @@
 .\"
-.\"     $Id: ipfirewall.4,v 1.6.2.2 1997/03/07 03:07:41 mpp Exp $
+.\"     $Id: ipfirewall.4,v 1.10 1997/06/23 02:12:21 julian Exp $
 .\"
 .Dd June 22, 1997
 .Dt IPFIREWALL 4
@@ -23,8 +23,11 @@ which point the corresponding action is taken. Rules are numbered
 from 1 to 65534; multiple rules may share the same number.
 .Pp
 There is one rule that always exists, rule number 65535. This rule
-causes all packets to be dropped. Hence, any packet which does not
-match a lower numbered rule will be dropped.
+normally causes all packets to be dropped. Hence, any packet which does not
+match a lower numbered rule will be dropped.  However, a kernel compile
+time option
+.Dq IPFIREWALL_DEFAULT_TO_ACCEPT
+allows the administrator to change this fixed rule to permit everything.
 .Pp
 The value passed to 
 .Fn setsockopt