diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2008-06-10 08:04:06 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2008-06-10 08:04:06 +0000 |
| commit | 2a9e50abe7e46ddb3668d81dd0ad5623266c674b (patch) | |
| tree | 16497be07035308c3befc66297a29eb86b193624 /share/man/man5 | |
| parent | 8a2827fc0b1ff877cb9524251a2282ffe5a96c41 (diff) | |
tweak previous;
Diffstat (limited to 'share/man/man5')
| -rw-r--r-- | share/man/man5/pf.conf.5 | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 8eff3ce5300..d3d43845149 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.398 2008/06/10 04:33:04 henning Exp $ +.\" $OpenBSD: pf.conf.5,v 1.399 2008/06/10 08:04:05 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -2087,11 +2087,11 @@ For a list of all valid timeout names, see .Sx OPTIONS above. .It Ar sloppy -Uses a sloppy tcp connection tracker that does not check sequence -numbers at all, which makes insertion and icmp teardown attacks way +Uses a sloppy TCP connection tracker that does not check sequence +numbers at all, which makes insertion and ICMP teardown attacks way easier. This is intended to be used in situations where one does not see all -packets of a connection, i. e. in asymmetric routing situations. +packets of a connection, i.e. in asymmetric routing situations. Cannot be used with modulate or synproxy state. .El .Pp |