author: Cedric Berger <cedric@cvs.openbsd.org>, 2004-05-04 15:53:23 +0000
committer: Cedric Berger <cedric@cvs.openbsd.org>, 2004-05-04 15:53:23 +0000
commit: b9eb02a88d66a896d3db2744fcf33d9409b6762e
tree: c9956bd734002461d886b8c3d680b6694d692c5d /share/man
parent: d6321c6d8a045fe3273bb6c47920adbde93bc98b
Talk about return-rst improvements. noticed+ok deraadt@
Diffstat (limited to 'share/man')
-rw-r--r-- share/man/man4/bridge.4 | 11
1 files changed, 9 insertions, 2 deletions
diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4
index 9877b601d03..b8135d533fe 100644
--- a/share/man/man4/bridge.4
+++ b/share/man/man4/bridge.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bridge.4,v 1.55 2003/12/08 10:03:43 markus Exp $
+.\" $OpenBSD: bridge.4,v 1.56 2004/05/04 15:53:22 cedric Exp $
.\"
.\" Copyright (c) 1999-2001 Jason L. Wright (jason@thought.net)
.\" All rights reserved.
@@ -593,7 +593,10 @@ and destination addresses reversed between interfaces, two state
entries (one for each direction) are required when all interfaces
are filtered statefully.
.Pp
-It is unsupported to use filter rules which would generate packets.
+Return packets generated by PF itself are not routed using the
+kernel routing table.
+Instead, PF will send these replies back to the same ethernet
+address that the original packet came from.
This applies to rules with
.Ar return ,
.Ar return-rst ,
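Review bot: The added sentence "PF will send these replies back to the same ethernet address that the original packet came from" names only the destination address and does not say which bridge member interface the reply is transmitted on. Since the point of the paragraph is that the routing table is bypassed, state explicitly whether the reply leaves through the interface the original packet arrived on, so an administrator can predict where a generated RST will show up. Also capitalize "Ethernet" in that sentence.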
@@ -602,6 +605,10 @@ This applies to rules with
or
.Ar synproxy
defined.
+At the moment, only
+.Ar return-rst
+on IPv4 is implemented and the other packet generating rules
+are unsupported.
.Pp
If an IP packet is too large for the outgoing interface the bridge
will perform IP fragmentation.
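Review bot: The limitation added after "defined." arrives too late: the paragraph first says the reply behaviour "applies to rules with return, return-rst, ... synproxy" and only afterwards that "only return-rst on IPv4 is implemented", so a reader skimming the list will assume all of those rule types work on a bridge. Lead with what is implemented, and say what "unsupported" means in practice for the other rule types (for example, whether the packet is still blocked but no reply is sent), because the removed line "It is unsupported to use filter rules which would generate packets" was at least unambiguous about not using them. Minor: "packet generating rules" should be hyphenated as "packet-generating rules".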