From 3fe86c67fed4305f82703d63da9af518f6a59e4c Mon Sep 17 00:00:00 2001
From: ru <ru@FreeBSD.org>
Date: Wed, 6 Oct 1999 09:26:39 +0000
Subject: Fixed the description of how packets re-enter IP firewall filter.

Suggested by:	Ari Suutari <ari@suutari.iki.fi>
---
 sbin/natd/natd.8 | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'sbin/natd')

diff --git a/sbin/natd/natd.8 b/sbin/natd/natd.8
index 6ca4595..42b4be4 100644
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@@ -393,10 +393,13 @@ and assumes that you've updated
 with the natd entry as above.  If you specify real firewall rules, it's
 best to specify line 2 at the start of the script so that
 .Nm
-sees all packets before they are dropped by the firewall.  The firewall
-rules will be run again on each packet after translation by
+sees all packets before they are dropped by the firewall.
+.Pp
+After translation by
 .Nm natd ,
-minus any divert rules.
+packets re-enter the firewall at the rule number following the rule number
+that caused the diversion (not the next rule if there are several at the
+same number).
 
 .It
 Enable your firewall by setting
-- 
cgit v1.1