diff options
author | brian <brian@cvs.openbsd.org> | 2000-11-16 22:16:50 +0000 |
---|---|---|
committer | brian <brian@cvs.openbsd.org> | 2000-11-16 22:16:50 +0000 |
commit | 2d0861c3f8e62ac2d4307ef0f4ee7310387dc50e (patch) | |
tree | cb52ae6859ce9d6fdd0ea17a1b36c1f9af4983cf | |
parent | 9d7a5113e762ed3e7a3ca5fbf022c38a20955923 (diff) |
Be a bit more precise about what ``nat deny_incoming yes'' does.
-rw-r--r-- | usr.sbin/ppp/ppp/ppp.8 | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8 index e1b551651a8..c4b0a1aacba 100644 --- a/usr.sbin/ppp/ppp/ppp.8 +++ b/usr.sbin/ppp/ppp/ppp.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ppp.8,v 1.96 2000/11/02 00:54:34 brian Exp $ +.\" $OpenBSD: ppp.8,v 1.97 2000/11/16 22:16:49 brian Exp $ .Dd 20 September 1995 .nr XX \w'\fC00' .Dt PPP 8 @@ -3166,11 +3166,24 @@ to be redirected to It is useful if you own a small number of real IP numbers that you wish to map to specific machines behind your gateway. .It nat deny_incoming yes|no -If set to yes, this command will refuse all incoming connections -by dropping the packets in much the same way as a firewall would. -.Pp -It should be noted that enabling this option also drops IP packets -that cannot be identified by libalias. This will be fixed in the future. +If set to yes, this command will refuse all incoming packets where an +aliasing link doesn't already exist. +Refer to the +.Sx CONCEPTUAL BACKGROUND +section of +.Xr libalias 3 +for a description of what an +.Dq aliasing link +is. +.Pp +It should be noted under what circumstances an aliasing link is created by +.Xr libalias 3 . +It may be necessary to further protect your network from outside +connections using the +.Dq set filter +or +.Dq nat target +commands. .It nat help|? This command gives a summary of available nat commands. .It nat log yes|no |