Be a bit more precise about what ``nat deny_incoming yes'' does.

author: brian <brian@FreeBSD.org> 2000-11-16 21:50:50 +0000
committer: brian <brian@FreeBSD.org> 2000-11-16 21:50:50 +0000
commit: 732fe3d14425e47aefee6a51b510b416c37039a7 (patch)
tree: 6616f1cff806550052cce616352e1f8de35025b3 /usr.sbin
parent: c87c13134f58e8c43d88548733164d19b7bf0fcb (diff)
download: FreeBSD-src-732fe3d14425e47aefee6a51b510b416c37039a7.zip
FreeBSD-src-732fe3d14425e47aefee6a51b510b416c37039a7.tar.gz
2 files changed, 36 insertions, 10 deletions
diff --git a/usr.sbin/ppp/ppp.8 b/usr.sbin/ppp/ppp.8
index 50f2aaa..66463f4 100644
--- a/usr.sbin/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp.8
@@ -3165,11 +3165,24 @@ to be redirected to
 It is useful if you own a small number of real IP numbers that
 you wish to map to specific machines behind your gateway.
 .It nat deny_incoming yes|no
-If set to yes, this command will refuse all incoming connections
-by dropping the packets in much the same way as a firewall would.
-.Pp
-It should be noted that enabling this option also drops IP packets
-that cannot be identified by libalias.  This will be fixed in the future.
+If set to yes, this command will refuse all incoming packets where an
+aliasing link doesn't already exist.
+Refer to the
+.Sx CONCEPTUAL BACKGROUND
+section of
+.Xr libalias 3
+for a description of what an
+.Dq aliasing link
+is.
+.Pp
+It should be noted under what circumstances an aliasing link is created by
+.Xr libalias 3 .
+It may be necessary to further protect your network from outside
+connections using the
+.Dq set filter
+or
+.Dq nat target
+commands.
 .It nat help|?
 This command gives a summary of available nat commands.
 .It nat log yes|no
diff --git a/usr.sbin/ppp/ppp.8.m4 b/usr.sbin/ppp/ppp.8.m4
index 50f2aaa..66463f4 100644
--- a/usr.sbin/ppp/ppp.8.m4
+++ b/usr.sbin/ppp/ppp.8.m4
@@ -3165,11 +3165,24 @@ to be redirected to
 It is useful if you own a small number of real IP numbers that
 you wish to map to specific machines behind your gateway.
 .It nat deny_incoming yes|no
-If set to yes, this command will refuse all incoming connections
-by dropping the packets in much the same way as a firewall would.
-.Pp
-It should be noted that enabling this option also drops IP packets
-that cannot be identified by libalias.  This will be fixed in the future.
+If set to yes, this command will refuse all incoming packets where an
+aliasing link doesn't already exist.
+Refer to the
+.Sx CONCEPTUAL BACKGROUND
+section of
+.Xr libalias 3
+for a description of what an
+.Dq aliasing link
+is.
+.Pp
+It should be noted under what circumstances an aliasing link is created by
+.Xr libalias 3 .
+It may be necessary to further protect your network from outside
+connections using the
+.Dq set filter
+or
+.Dq nat target
+commands.
 .It nat help|?
 This command gives a summary of available nat commands.
 .It nat log yes|no
author	brian <brian@FreeBSD.org>	2000-11-16 21:50:50 +0000
committer	brian <brian@FreeBSD.org>	2000-11-16 21:50:50 +0000
commit	732fe3d14425e47aefee6a51b510b416c37039a7 (patch)
tree	6616f1cff806550052cce616352e1f8de35025b3 /usr.sbin
parent	c87c13134f58e8c43d88548733164d19b7bf0fcb (diff)
download	FreeBSD-src-732fe3d14425e47aefee6a51b510b416c37039a7.zip FreeBSD-src-732fe3d14425e47aefee6a51b510b416c37039a7.tar.gz