author Henning Brauer <henning@cvs.openbsd.org> 2002-11-27 19:43:47 +0000
committer Henning Brauer <henning@cvs.openbsd.org> 2002-11-27 19:43:47 +0000
commit 3e51ca17c4db1376906d4a8a07e1e5ec7e13cb19
tree 5aade9654ff86e7436ca9673eb7af8b9d4acf528
parent 4831b9c51b2e6ed8326c4744c184e07df1cb3652
I fucked up. The manpage was correct before my last commit.
Noticed by Daniel. To unconfuse it a bit, add a little clarification. ok dhartmei@
-rw-r--r-- libexec/ftp-proxy/ftp-proxy.8 15
1 files changed, 9 insertions, 6 deletions
diff --git a/libexec/ftp-proxy/ftp-proxy.8 b/libexec/ftp-proxy/ftp-proxy.8
index 11b2be79dda..969b2b80439 100644
--- a/libexec/ftp-proxy/ftp-proxy.8
+++ b/libexec/ftp-proxy/ftp-proxy.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ftp-proxy.8,v 1.25 2002/11/27 16:57:39 henning Exp $
+.\" $OpenBSD: ftp-proxy.8,v 1.26 2002/11/27 19:43:46 henning Exp $
.\"
.\" Copyright (c) 1996-2001
.\" Obtuse Systems Corporation, All rights reserved.
@@ -189,12 +189,12 @@ proxy forwards it to the client.
The
.Xr pf.conf 5
rules need to let pass connections to these proxy ports
-(see options -u, -m and -M above) out on the external interface.
+(see options -u, -m and -M above) in on the external interface.
The following example allows only ports 49152 to 65535 to pass in
statefully:
.Bd -literal
- block out on $ext_if proto tcp all
- pass out on $ext_if proto tcp from $ext_if to any \\
+ block in on $ext_if proto tcp all
+ pass in on $ext_if proto tcp from any to $ext_if \\
port > 49151 keep state
.Ed
.Pp
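Review bot: The example rule in this hunk hard-codes `port > 49151`, while the sentence just above it points the reader at -u, -m and -M for the proxy ports, so the example is only right for the 49152 to 65535 range the text names. Suggest a sentence next to the example saying the port expression has to follow whatever range is selected with -m and -M. It would also help to state that `block in on $ext_if proto tcp all` blocks every inbound TCP connection on that interface, so a rule set that serves anything else there needs its own pass rules.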
@@ -202,9 +202,12 @@ Alternatively, rules can make use of the fact that by default,
.Nm ftp-proxy
runs as user "proxy" to allow the backchannel connections, as in the following example:
.Bd -literal
- block out on $ext_if proto tcp all
- pass out on $ext_if proto tcp from $ext_if to any user proxy keep state
+ block in on $ext_if proto tcp all
+ pass in on $ext_if proto tcp from any to $ext_if user proxy keep state
.Ed
+These examples do not cover the connections from the proxy to the
+foreign ftp server. If one does not pass outgoing connections by default
+additional rules are needed.
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr pf 4 ,
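Review bot: The three lines added after `.Ed` say that additional rules are needed for connections from the proxy to the foreign ftp server but show none, unlike the two inbound cases directly above, which each come with a literal example. Suggest adding a short `pass out` example for that direction, or at least spelling out which connections it has to cover. Style: "server. If one" starts a new sentence mid-line, where mdoc sources normally begin each sentence on its own line, and a comma is missing after "by default".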