author brian <brian@cvs.openbsd.org> 2000-11-16 22:16:50 +0000
committer brian <brian@cvs.openbsd.org> 2000-11-16 22:16:50 +0000
commit 2d0861c3f8e62ac2d4307ef0f4ee7310387dc50e
tree cb52ae6859ce9d6fdd0ea17a1b36c1f9af4983cf
parent 9d7a5113e762ed3e7a3ca5fbf022c38a20955923
Be a bit more precise about what ``nat deny_incoming yes'' does.
-rw-r--r-- usr.sbin/ppp/ppp/ppp.8 25
1 files changed, 19 insertions, 6 deletions
diff --git a/usr.sbin/ppp/ppp/ppp.8 b/usr.sbin/ppp/ppp/ppp.8
index e1b551651a8..c4b0a1aacba 100644
--- a/usr.sbin/ppp/ppp/ppp.8
+++ b/usr.sbin/ppp/ppp/ppp.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ppp.8,v 1.96 2000/11/02 00:54:34 brian Exp $
+.\" $OpenBSD: ppp.8,v 1.97 2000/11/16 22:16:49 brian Exp $
.Dd 20 September 1995
.nr XX \w'\fC00'
.Dt PPP 8
@@ -3166,11 +3166,24 @@ to be redirected to
It is useful if you own a small number of real IP numbers that
you wish to map to specific machines behind your gateway.
.It nat deny_incoming yes|no
-If set to yes, this command will refuse all incoming connections
-by dropping the packets in much the same way as a firewall would.
-.Pp
-It should be noted that enabling this option also drops IP packets
-that cannot be identified by libalias. This will be fixed in the future.
+If set to yes, this command will refuse all incoming packets where an
+aliasing link doesn't already exist.
+Refer to the
+.Sx CONCEPTUAL BACKGROUND
+section of
+.Xr libalias 3
+for a description of what an
+.Dq aliasing link
+is.
+.Pp
+It should be noted under what circumstances an aliasing link is created by
+.Xr libalias 3 .
+It may be necessary to further protect your network from outside
+connections using the
+.Dq set filter
+or
+.Dq nat target
+commands.
.It nat help|?
This command gives a summary of available nat commands.
.It nat log yes|no
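Review bot: In the second added paragraph, "It should be noted under what circumstances an aliasing link is created by libalias(3)" asks the reader to note something without saying what it is, so the caveat that matters to someone using this option as a barrier is left implicit. Suggest stating the consequence directly, for example that deny_incoming only refuses packets for which no aliasing link exists and so may need to be backed by "set filter" or "nat target", rather than leaving the reader to infer it from the following sentence. The removed text also said that IP packets libalias cannot identify are dropped; the new wording does not say whether that still holds, and one sentence either way would help anyone relying on the old description.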