From owner-svn-doc-head@freebsd.org Sat Aug 1 10:48:29 2020 Return-Path: Delivered-To: svn-doc-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 410C6377349; Sat, 1 Aug 2020 10:48:29 +0000 (UTC) (envelope-from gbe@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BJgqK0rcXz4Bh3; Sat, 1 Aug 2020 10:48:29 +0000 (UTC) (envelope-from gbe@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F01C91199E; Sat, 1 Aug 2020 10:48:28 +0000 (UTC) (envelope-from gbe@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 071AmS2Y000770; Sat, 1 Aug 2020 10:48:28 GMT (envelope-from gbe@FreeBSD.org) Received: (from gbe@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 071AmSlF000769; Sat, 1 Aug 2020 10:48:28 GMT (envelope-from gbe@FreeBSD.org) Message-Id: <202008011048.071AmSlF000769@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gbe set sender to gbe@FreeBSD.org using -f From: Gordon Bergling Date: Sat, 1 Aug 2020 10:48:28 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54389 - head/en_US.ISO8859-1/books/handbook/firewalls X-SVN-Group: doc-head X-SVN-Commit-Author: gbe X-SVN-Commit-Paths: head/en_US.ISO8859-1/books/handbook/firewalls X-SVN-Commit-Revision: 54389 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Aug 2020 10:48:29 -0000 Author: gbe Date: Sat Aug 1 10:48:28 2020 New Revision: 54389 URL: https://svnweb.freebsd.org/changeset/doc/54389 Log: Handbook/Firewalls: correct the network devices in the NAT example PR: 232042 Submitted by: Samy Mahmoudi Reviewed by: bcr Approved by: bcr Differential Revision: https://reviews.freebsd.org/D25652 Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sat Aug 1 10:16:40 2020 (r54388) +++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sat Aug 1 10:48:28 2020 (r54389) @@ -630,8 +630,8 @@ pass proto udp to any port $udp_services keep state

PF to act as a gateway for at least one other machine. The gateway needs at least two network interfaces, each connected to a separate - network. In this example, xl1 is - connected to the Internet and xl0 is + network. In this example, xl0 is + connected to the Internet and xl1 is connected to the internal network. First, enable the gateway to let the machine @@ -657,9 +657,9 @@ pass proto udp to any port $udp_services keep state

Next, create the PF rules to allow the gateway to pass traffic. While the following rule - allows stateful traffic to pass from the Internet to hosts - on the network, the to keyword does not - guarantee passage all the way from source to + allows stateful traffic from hosts of the internal network + to pass to the gateway, the to keyword + does not guarantee passage all the way from source to destination: pass in on xl1 from xl1:network to xl0:network port $ports keep state