tweak the "once" text; ok sashan

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index ce52d79..157db72 100644 (file)
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: pf.conf.5,v 1.598 2022/11/09 23:00:00 sashan Exp $
+.\"    $OpenBSD: pf.conf.5,v 1.599 2022/11/10 19:07:21 jmc Exp $
 .\"
 .\" Copyright (c) 2002, Daniel Hartmeier
 .\" Copyright (c) 2003 - 2013 Henning Brauer <henning@openbsd.org>
@@ -28,7 +28,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 9 2022 $
+.Dd $Mdocdate: November 10 2022 $
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -661,14 +661,12 @@ When the rate is exceeded, all ICMP is blocked until the rate falls below
 100 per 10 seconds again.
 .Pp
 .It Cm once
-Creates a one shot rule. The first matching packet marks rule as expired.
-The expired rule is never evaluated then.
+Creates a one shot rule.
+The first matching packet marks the rule as expired;
+any expired rules are no longer evaluated.
+Expired rules are only shown in verbose mode (-vv):
 .Xr pfctl 8
-does not report expired rules unless run in verbose mode ('-vv'). In verbose
-mode
-.Xr pfctl 8
-appends  '# expired' to note the once rule which got hit by packet other
-already.
+will append '# expired' to note any once rules which have already been hit.
 .Pp
 .It Cm probability Ar number Ns %
 A probability attribute can be attached to a rule,