From 2a9e50abe7e46ddb3668d81dd0ad5623266c674b Mon Sep 17 00:00:00 2001 From: Jason McIntyre Date: Tue, 10 Jun 2008 08:04:06 +0000 Subject: tweak previous; --- share/man/man5/pf.conf.5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'share/man') diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 8eff3ce5300..d3d43845149 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.398 2008/06/10 04:33:04 henning Exp $ +.\" $OpenBSD: pf.conf.5,v 1.399 2008/06/10 08:04:05 jmc Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" All rights reserved. @@ -2087,11 +2087,11 @@ For a list of all valid timeout names, see .Sx OPTIONS above. .It Ar sloppy -Uses a sloppy tcp connection tracker that does not check sequence -numbers at all, which makes insertion and icmp teardown attacks way +Uses a sloppy TCP connection tracker that does not check sequence +numbers at all, which makes insertion and ICMP teardown attacks way easier. This is intended to be used in situations where one does not see all -packets of a connection, i. e. in asymmetric routing situations. +packets of a connection, i.e. in asymmetric routing situations. Cannot be used with modulate or synproxy state. .El .Pp -- cgit v1.2.3