summaryrefslogtreecommitdiff
path: root/share/man/man5
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2003-03-10 14:15:03 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2003-03-10 14:15:03 +0000
commit84f94ffe61c744caab37462b306916b453ab0c2d (patch)
tree3383d5cf5dffe9a25e86e2324bc104ca600e61af /share/man/man5
parent0f9097e8afae197e6738faaaa29f3e80696e9e8c (diff)
small changes to mike's random-id section;
ok frantzen@
Diffstat (limited to 'share/man/man5')
-rw-r--r--share/man/man5/pf.conf.513
1 files changed, 7 insertions, 6 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index cc3ae78dc71..fa9a467d00a 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pf.conf.5,v 1.213 2003/03/10 09:40:47 deraadt Exp $
+.\" $OpenBSD: pf.conf.5,v 1.214 2003/03/10 14:15:02 jmc Exp $
.\"
.\" Copyright (c) 2002, Daniel Hartmeier
.\" All rights reserved.
@@ -426,7 +426,8 @@ Clears the
bit from a matching ip packet.
Some operating systems are known to generate fragmented packets with the
.Ar dont-fragment
-bit set. This is particularly true with NFS.
+bit set.
+This is particularly true with NFS.
.Ar Scrub
will drop such fragmented
.Ar dont-fragment
@@ -436,16 +437,16 @@ is specified.
.Pp
Unfortunately some operating systems also generate their
.Ar dont-fragment
-packets that all contain a zero IP identification field.
+packets with a zero IP identification field.
Clearing the
.Ar dont-fragment
bit on packets with a zero IP ID may cause deleterious results if an
upstream router later fragments the packet.
-Using the below mentioned
+Using the
.Ar random-id
-modifier is recommended in combination with the
+modifier (see below) is recommended in combination with the
.Ar no-df
-modifier to insure unique IP identifiers.
+modifier to ensure unique IP identifiers.
.It Ar min-ttl <number>
Enforces a minimum ttl for matching ip packets.
.It Ar max-mss <number>