From 16b3d3546de89ef8943fdfb422af09c1ebeea87f Mon Sep 17 00:00:00 2001
From: Christian Brueffer <brueffer@FreeBSD.org>
Date: Tue, 4 Feb 2003 01:33:25 +0000
Subject: [PATCH] Correct examples for stateful inspection

PR:		47817
Submitted by:	Simon L.Nielsen <simon@nitro.dk>
Reviewed by:	ceri, luigi
---
 sbin/ipfw/ipfw.8 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 34e5012a7d5d..6744ab499563 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -1212,7 +1212,7 @@ dynamic rule for the flow so that packets belonging to that session
 will be allowed through the firewall:
 .Pp
 .Dl "ipfw add check-state"
-.Dl "ipfw add allow tcp from my-subnet to any setup"
+.Dl "ipfw add allow tcp from my-subnet to any setup keep-state"
 .Dl "ipfw add deny tcp from any to any"
 .Pp
 A similar approach can be used for UDP, where an UDP packet coming
@@ -1220,7 +1220,7 @@ from the inside will install a dynamic rule to let the response through
 the firewall:
 .Pp
 .Dl "ipfw add check-state"
-.Dl "ipfw add allow udp from my-subnet to any"
+.Dl "ipfw add allow udp from my-subnet to any keep-state"
 .Dl "ipfw add deny udp from any to any"
 .Pp
 Dynamic rules expire after some time, which depends on the status