From: henning Date: Wed, 31 May 2017 09:30:38 +0000 (+0000) Subject: clarify that translations happen immediately on match rules, not generally X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c9c1296a76da0eb1255e0297f4b4d92d1186f5b8;p=openbsd clarify that translations happen immediately on match rules, not generally Tony Gong --- diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5 index 49b296a36f4..54eac726b76 100644 --- a/share/man/man5/pf.conf.5 +++ b/share/man/man5/pf.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pf.conf.5,v 1.564 2017/05/31 09:19:10 bluhm Exp $ +.\" $OpenBSD: pf.conf.5,v 1.565 2017/05/31 09:30:38 henning Exp $ .\" .\" Copyright (c) 2002, Daniel Hartmeier .\" Copyright (c) 2003 - 2013 Henning Brauer @@ -809,7 +809,9 @@ port of the packets associated with a stateful connection. modifies the specified address and/or port in the packet and recalculates IP, TCP, and UDP checksums as necessary. .Pp -Subsequent rules will see packets as they look +If specified on a +.Ic match +rule, subsequent rules will see packets as they look after any addresses and ports have been translated. These rules will therefore have to filter based on the translated address and port number.
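Review bot: In the pf.conf.5 hunk at line 809, the reworded paragraph now covers only the `match` case and never says what subsequent rules see when the translation is given on a rule that is not a `match` rule. A reader writing filter rules after a translating `pass` rule has to infer the answer from the absence of a statement, and a wrong inference means filtering on the wrong address and port. Consider adding a sentence after "These rules will therefore have to filter based on the translated address and port number." that states the non-`match` case explicitly. Separately, "If specified on a" has no explicit subject; naming what is specified (the translation option) would make the sentence stand on its own, since the previous paragraph ends with a `.Pp` break.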