Fixed the description of how packets re-enter IP firewall filter.

Suggested by: Ari Suutari <ari@suutari.iki.fi>
svn path=/head/; revision=51963
1999-10-06 09:26:39 +00:00 · 1999-10-06 09:26:39 +00:00 · 04bf7dcfeb · 2020-12-20 02:59:44 +00:00
commit 04bf7dcfeb
parent 9c6fde3cd3
1 changed files with 6 additions and 3 deletions
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@ -393,10 +393,13 @@ and assumes that you've updated
 with the natd entry as above.  If you specify real firewall rules, it's
 best to specify line 2 at the start of the script so that
 .Nm
-sees all packets before they are dropped by the firewall.  The firewall
-rules will be run again on each packet after translation by
+sees all packets before they are dropped by the firewall.
+.Pp
+After translation by
 .Nm natd ,
-minus any divert rules.
+packets re-enter the firewall at the rule number following the rule number
+that caused the diversion (not the next rule if there are several at the
+same number).

 .It
 Enable your firewall by setting