clarify that translations happen immediately on match rules, not generally

author henning <henning@openbsd.org>

Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)

committer henning <henning@openbsd.org>

Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)
author henning <henning@openbsd.org>
Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)
committer henning <henning@openbsd.org>
Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)
diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5

index 49b296a..54eac72 100644 (file)
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: pf.conf.5,v 1.564 2017/05/31 09:19:10 bluhm Exp $
+.\"    $OpenBSD: pf.conf.5,v 1.565 2017/05/31 09:30:38 henning Exp $
  .\"
  .\" Copyright (c) 2002, Daniel Hartmeier
  .\" Copyright (c) 2003 - 2013 Henning Brauer <henning@openbsd.org>
@@ -809,7 +809,9 @@ port of the packets associated with a stateful connection.
  modifies the specified address and/or port in the packet and recalculates
  IP, TCP, and UDP checksums as necessary.
  .Pp
-Subsequent rules will see packets as they look
+If specified on a
+.Ic match
+rule, subsequent rules will see packets as they look
  after any addresses and ports have been translated.
  These rules will therefore have to filter based on the translated
  address and port number.
author	henning <henning@openbsd.org>
	Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)
committer	henning <henning@openbsd.org>
	Wed, 31 May 2017 09:30:38 +0000 (09:30 +0000)