diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2017-05-31 09:30:39 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2017-05-31 09:30:39 +0000 |
| commit | b5dd173816530bc52d5eacea1f0adb303053be44 (patch) | |
| tree | a8b1b8d0f17447ce3d0cce56377810157182f9b0 /share/man/man5 | |
| parent | fd0b441569b9ff2e9c4a9e560b0c951195b7ca05 (diff) | |
clarify that translations happen immediately on match rules, not generally
Tony Gong <tony.y.gong at gmail>
Diffstat (limited to 'share/man/man5')
| -rw-r--r-- | share/man/man5/pf.conf.5 | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 49b296a36f4..54eac726b76 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.564 2017/05/31 09:19:10 bluhm Exp $ +.\" $OpenBSD: pf.conf.5,v 1.565 2017/05/31 09:30:38 henning Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer <henning@openbsd.org> @@ -809,7 +809,9 @@ port of the packets associated with a stateful connection. modifies the specified address and/or port in the packet and recalculates IP, TCP, and UDP checksums as necessary. .Pp -Subsequent rules will see packets as they look +If specified on a +.Ic match +rule, subsequent rules will see packets as they look after any addresses and ports have been translated. These rules will therefore have to filter based on the translated address and port number. |