diff options
author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-22 22:46:42 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2006-10-22 22:46:42 +0000 |
commit | 12e132146a3d2f4550b2a0819fa5d05a6f6b5b69 (patch) | |
tree | 42b902150326b9026a1134372c86010e3c984f45 /share | |
parent | ac506658ebb21e072d1ff4f4390e004b7c69516a (diff) |
'keep state' is now the default.
ok jmc
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/bridge.4 | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4 index 7cec5007755..60ae4dda3f4 100644 --- a/share/man/man4/bridge.4 +++ b/share/man/man4/bridge.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bridge.4,v 1.61 2006/07/12 13:33:57 jmc Exp $ +.\" $OpenBSD: bridge.4,v 1.62 2006/10/22 22:46:41 mcbride Exp $ .\" .\" Copyright (c) 1999-2001 Jason L. Wright (jason@thought.net) .\" All rights reserved. @@ -559,9 +559,13 @@ Bridged packets pass through .Xr pf 4 twice. They can be filtered on any interface, in both directions. -For stateful filtering, filtering on only one interface (using -.Ic keep state ) -and passing all traffic on the other interfaces is recommended. +For stateful filtering, filtering on only one interface +and passing all traffic on the other interfaces +(using +.Ic \&no state +or +.Ic set skip ) +is recommended. A state entry only permits outgoing packets from initial source to destination and incoming packets from initial destination to source. Since bridged packets pass through the filter twice with the source |