"Ease understanding" of how -punch_fw works.

Reviewed by: sheldonh
svn path=/head/; revision=62252
2000-06-29 09:52:14 +00:00 · 2000-06-29 09:52:14 +00:00 · f685a909b5 · 2020-12-20 02:59:44 +00:00
commit f685a909b5
parent 44bb7ac654
1 changed files with 11 additions and 9 deletions
--- a/sbin/natd/natd.8
+++ b/sbin/natd/natd.8
@ -416,21 +416,23 @@ to inject the data into the beginning of the TCP stream.
 .It Fl punch_fw Xo
 .Ar basenumber Ns : Ns Ar count
 .Xc
-This option makes
+This option directs
 .Nm
-.Ql punch holes
+to
+.Dq punch holes
 in an
 .Xr ipfirewall 4
 based firewall for FTP/IRC DCC connections.
-The holes punched are bound by from/to IP address and port; it
-will not be possible to use a hole for another connection.
-A hole is removed when the connection that uses it dies.
+This is done dynamically by installing temporary firewall rules which
+allow a particular connection (and only that connection) to go through
+the firewall.
+The rules are removed once the corresponding connection terminates.
 .Pp
-Arguments
-.Ar basenumber
-and
+A maximum of
 .Ar count
-set the firewall range allocated for punching firewall holes.
+rules starting from the rule number
+.Ar basenumber
+will be used for punching firewall holes.
 The range will be cleared for all rules on startup.
 .El
 .Sh RUNNING NATD