1 files changed, 36 insertions, 1 deletions

diff --git a/usr.sbin/authpf/authpf.8 b/usr.sbin/authpf/authpf.8
index b6977da2fce..239fd671f35 100644
--- a/usr.sbin/authpf/authpf.8
+++ b/usr.sbin/authpf/authpf.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: authpf.8,v 1.31 2003/12/10 04:10:37 beck Exp $
+.\" $OpenBSD: authpf.8,v 1.32 2004/04/28 05:06:12 cedric Exp $
 .\"
 .\" Copyright (c) 2002 Bob Beck (beck@openbsd.org>.  All rights reserved.
 .\"
@@ -60,6 +60,10 @@ can add filter and translation rules using the syntax described in
 requires that the
 .Xr pf 4
 system be enabled before use.
+.Nm
+can also maintain the list of IP address of connected users
+in the "authpf_users"
+.Pa table .
 .Pp
 .Nm
 is meant to be used with users who can connect via
@@ -154,6 +158,10 @@ Currently, the allowed values are as follows:
 Use the specified
 .Pa anchor
 name instead of "authpf".
+.It table=name
+Use the specified
+.Pa table
+name instead of "authpf_users".
 .El
 .Sh USER MESSAGES
 On successful invocation,
@@ -465,6 +473,33 @@ Oct 31 19:42:30.296553 rule 0.bbeck(20267).1/0(match): pass out on fxp1: \e
 129.128.11.10.60539 > 198.137.240.92.22: S 2131494121:2131494121(0) win \e
 16384 <mss 1460,nop,nop,sackOK> (DF)
 .Ed
+.Pp
+.Sy Using "authpf_user" table.
+Simple
+.Nm
+settings can be implemented without anchor by just using the "authpf_user"
+.Pa table .
+For example, the following
+.Xr pf.conf 5
+lines will give SMTP and IMAP access to logged in users:
+.Bd -literal
+table <authpf_users> persist
+pass in on $ext_if proto tcp from <authpf_users> \e
+        to port { smtp imap } keep state
+.Ed
+.Pp
+It is also possible to use the "authpf_user"
+.Pa table
+in combination with anchors.
+For example, 
+.Xr pf 4
+processing can be speed up by looking up the anchor
+only for packets coming from logged in users:
+.Bd -literal
+table <authpf_users> persist
+anchor authpf from <authpf_users>
+rdr-anchor authpf from <authpf_users>
+.Ed
 .Sh FILES
 .Bl -tag -width "/etc/authpf/authpf.conf" -compact
 .It Pa /etc/authpf/authpf.conf