diff options
| author |   dhartmei <dhartmei@openbsd.org> | 2002-02-23 01:22:54 +0000 |
|---|---|---|
| committer | dhartmei <dhartmei@openbsd.org> | 2002-02-23 01:22:54 +0000 |
| commit | 3ce9da17179d61ebeee8c3360bf307bbcf412147 (patch) | |
| tree | bd88e7ee645c767b8185ed9f4389526552a05b6b | |
| parent | No more POOL_EXPOSE. (diff) | |
| download | wireguard-openbsd-3ce9da17179d61ebeee8c3360bf307bbcf412147.tar.xz wireguard-openbsd-3ce9da17179d61ebeee8c3360bf307bbcf412147.zip | |
Mention that normalization happens before filtering, and that the position
of scrub rules (in relation to pass/block rules) is not relevant.
| -rw-r--r-- | share/man/man5/pf.conf.5 | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index fd0a34a187d..a9af66c499c 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.32 2002/02/19 12:18:24 dhartmei Exp $ +.\" $OpenBSD: pf.conf.5,v 1.33 2002/02/23 01:22:54 dhartmei Exp $ .\" .\" Copyright (c) 2001, Daniel Hartmeier .\" All rights reserved. @@ -460,6 +460,11 @@ Clears the bit from a matching ip packet. .Ss min-ttl <number> Enforces a minimum ttl for matching ip packets. +.Pp +Normalization occurs before filtering, scrub rules and pass/block +rules are evaluated independantly. +Hence, their relative position in the rule set is not relevant, +and packets can't be blocked before normalization. .Sh EXAMPLES .Bd -literal # The external interface is kue0 (157.161.48.183, the only routable address) |