author    Mike Pechkin <mpech@cvs.openbsd.org>  2002-06-20 06:21:41 +0000
committer Mike Pechkin <mpech@cvs.openbsd.org>  2002-06-20 06:21:41 +0000
commit    9f52c4385b199f2a532f628ee2239bb4a8193455 (patch)
tree      61d1a2ff391b78dc1723fe21c3953e574127766b
parent    348f1df9900b73279e5c48d80ae0303dcd96bcf3 (diff)
Spotted by form@, mdoc things from mpech@:
o) wrap long lines;
o) start new sentence on a new line;
o) 41952 -> 49151;
o) add 'flags S/SA' in "FILTER EXAMPLES";
o) remove blank lines before .Ed;
dhartmei@, henning@
-rw-r--r--  share/man/man5/pf.conf.5 | 32
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index ea878e6458b..2f3c60786c0 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.58 2002/06/16 17:54:30 henning Exp $
+.\" $OpenBSD: pf.conf.5,v 1.59 2002/06/20 06:21:40 mpech Exp $
.\"
.\" Copyright (c) 2001, Daniel Hartmeier
.\" All rights reserved.
@@ -219,7 +219,8 @@ or to the firewall itself.
.It Em block
The packet is blocked.
Optionally, the filter can return a TCP RST or ICMP UNREACHABLE packet
-to the sender, where applicable. Returning ICMP packets can have
+to the sender, where applicable.
+Returning ICMP packets can have
an ICMP code set by number or name, TCP RST can have a TTL set.
.It Em pass
The packet is passed.
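Review bot: the unchanged context line "an ICMP code set by number or name, TCP RST can have a TTL set." is a comma splice that this hunk keeps; since the paragraph is being reflowed one sentence per line anyway, split it too, e.g. ".. set by number or name." / "A TCP RST can have a TTL set."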
@@ -230,12 +231,14 @@ IPv6 packets are not defragmented.
.It Em binat
A
.Em binat
-rule specifies a bidirectional mapping between an external IP address and an internal IP address.
+rule specifies a bidirectional mapping between an external IP address
+and an internal IP address.
.It Em nat
A
.Em nat
rule specifies that IP addresses are to be changed as the packet
-traverses the given interface. This technique allows a single IP address
+traverses the given interface.
+This technique allows a single IP address
on the translating host to support network traffic for a larger range of
machines on an "inside" network.
Although in theory any IP address can be used on the inside, it is strongly
@@ -295,8 +298,8 @@ The
.Sq no
option is to a NAT rule what the
.Sq quick
-option is to a filter rule. This option causes matching packets
-to remain untranslated.
+option is to a filter rule.
+This option causes matching packets to remain untranslated.
.Sh ROUTING
If a packet matches a rule with a route option set, the packet filter will
route the packet according to the type of route option.
@@ -640,14 +643,16 @@ each think that the other had somehow lost sync.
.Pp
Caveat: If the state table is flushed or the firewall is rebooted,
currently modulated connections can not be continued or picked
-up again by the firewall. State modulation causes the firewall to phase
+up again by the firewall.
+State modulation causes the firewall to phase
shift the sequencing of each side of a connection
.Po
add a random number to each side.
.Pc
The sudden withdrawl
of the modulation will appear to each side of the connection that its
-peer has suddenly shifted its sequence by a random amount. Neither side
+peer has suddenly shifted its sequence by a random amount.
+Neither side
will be able to recover and the connection will stall then eventually close.
.Sh STATE OPTIONS
Both "keep state" and "modulate state" support the following options:
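Review bot: "withdrawl" in the unchanged context line "The sudden withdrawl" is a typo for "withdrawal", and "can not be continued" on the line above the first change should read "cannot"; both sit inside the paragraph this hunk reflows, so fix them in the same commit rather than leaving a second cosmetic pass for later. The parenthetical wrapped in .Po/.Pc ends with a full stop inside the parentheses ("add a random number to each side."); drop that period so the sentence continues cleanly after .Pc.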
@@ -813,12 +818,12 @@ pass out on $ext_if proto tcp all modulate state
# pass in certain TCP connections and keep state (SSH, SMTP, DNS, IDENT)
pass in on $ext_if proto tcp from any to any port { ssh, smtp, domain, \\
- auth } keep state
+ auth } flags S/SA keep state
# pass in data mode connections for ftp-proxy running on this host.
# (see ftp-proxy(8) for details)
-pass in on $ext_if proto tcp from any to 157.161.48.183 port >= 41952 \\
- keep state
+pass in on $ext_if proto tcp from any to 157.161.48.183 port >= 41951 \\
+ flags S/SA keep state
.Ed
.SH NAT EXAMPLES
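Review bot: the new ftp-proxy rule line changes the port bound to 41951 ("port >= 41951"), but the commit message says "41952 -> 49151"; one of the two is a typo, and a one-digit slip here silently changes which data-mode ports the firewall lets in, so confirm the intended lower bound against the port range ftp-proxy(8) actually binds to before committing, and make the message and the hunk agree. Also, the unchanged context line ".SH NAT EXAMPLES" uses the man(7) macro while every other section header in this file uses mdoc's ".Sh"; since this commit is an mdoc cleanup, change it to ".Sh NAT EXAMPLES" here as well, otherwise the section heading renders inconsistently.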
@@ -851,7 +856,8 @@ no nat on fxp1 proto ah from 144.19.74.0/24 to any
nat on fxp1 from 144.19.74.0/24 to any -> 204.92.77.100
.Ed
.Pp
-In the example below, fxp0 is the internal interface. Packets bound
+In the example below, fxp0 is the internal interface.
+Packets bound
for one specific server, as well as those generated by the sysadmins
are not proxied, all other connections are.
.Bd -literal
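Review bot: the reflowed sentence "Packets bound for one specific server, as well as those generated by the sysadmins are not proxied, all other connections are." needs a comma after "sysadmins" to close the "as well as" clause, and the final clause is a comma splice; a cleaner reading is "... by the sysadmins, are not proxied; all other connections are."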
@@ -889,8 +895,6 @@ rdr on kue0 proto udp from any to (kue0) port 8080 -> 10.1.2.151 port 53
# translate outgoing ftp control connections to send them to localhost
# for proxying with ftp-proxy(8) running on port 8081
rdr on fxp0 proto tcp from any to any port 21 -> 127.0.0.1 port 8081
-
-
.Ed
.Sh FILES
.Bl -tag -width "/etc/pf.conf" -compact