author | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-11-05 16:01:37 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-11-05 16:01:37 +0000 |
commit | 82837c492ca6ab87fb215ddf25b102e62dd12afe (patch) | |
tree | e98db07b7f25f51513799fd3effcca9f6bf178e2 /share | |
parent | 10a6b217752953630c49ab0683f3d1e80bd7a462 (diff) |
Adjust the description of network translation to match the code
following the nat-to changes. Reworked slightly from a diff from eric@.
ok henning jmc
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man5/pf.conf.5 | 30 |
1 files changed, 9 insertions, 21 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 7927bd62d3d..6ebbb8a61bd 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.461 2009/10/14 14:17:53 jmeltzer Exp $ +.\" $OpenBSD: pf.conf.5,v 1.462 2009/11/05 16:01:36 sthen Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: October 14 2009 $ +.Dd $Mdocdate: November 5 2009 $ .Dt PF.CONF 5 .Os .Sh NAME 
@@ -735,28 +735,16 @@ pass out proto { tcp, udp } all user { \*(Lt 1000, dhartmei } .Ed .El .Ss Translation -Translation options modify either the source or destination address of the -packets associated with a stateful connection. -A stateful connection is automatically created to track packets matching -such a rule as long as they are not blocked by the filtering section of -.Nm . -The translation engine modifies the specified address and/or port in the -packet, recalculates IP, TCP, and UDP checksums as necessary, and passes it to -the packet filter for evaluation. +Translation options modify either the source or destination address and +port of the packets associated with a stateful connection. +.Xr pf 4 +modifies the specified address and/or port in the packet and recalculates +IP, TCP, and UDP checksums as necessary. .Pp -Since translation occurs before filtering, -the filter engine will see packets as they look +Subsequent rules will see packets as they look after any addresses and ports have been translated. -Filter rules will therefore have to filter based on the translated +These rules will therefore have to filter based on the translated address and port number. -Packets that match a translation rule are only automatically passed if the -.Ar pass -modifier is given, -otherwise they are still subject to -.Ar block -and -.Ar pass -rules. .Pp The state entry created permits .Xr pf 4 |
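Review bot: In the Translation hunk (@@ -735,28 +735,16 @@), "Subsequent rules will see packets as they look after any addresses and ports have been translated" does not say what the rules are subsequent to. The removed text anchored this with "Since translation occurs before filtering"; the new wording should name the reference point, for example "Rules evaluated after a rule with a translation option will see packets as they look after ...", so that a reader can tell which of their filter rules must be written against the translated address and port and which still see the original one. The hunk also deletes the sentences explaining that packets matching a translation rule "are still subject to block and pass rules" unless the pass modifier is given, and puts nothing in their place. After this change the section no longer says whether translation alone lets a packet through, which is the first thing someone auditing a ruleset needs to know, so a one-sentence statement of the pass/block behaviour should be added here. Minor: the first added sentence says "source or destination address and port" while the next says "address and/or port"; use one form in both.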