Date: Sat, 1 Aug 2020 10:48:28 +0000 (UTC)
From: Gordon Bergling <gbe@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r54389 - head/en_US.ISO8859-1/books/handbook/firewalls
Message-ID: <202008011048.071AmSlF000769@repo.freebsd.org>
Author: gbe Date: Sat Aug 1 10:48:28 2020 New Revision: 54389 URL: https://svnweb.freebsd.org/changeset/doc/54389 Log: Handbook/Firewalls: correct the network devices in the NAT example PR: 232042 Submitted by: Samy Mahmoudi <samy dot mahmoudi at gmail dot com> Reviewed by: bcr Approved by: bcr Differential Revision: https://reviews.freebsd.org/D25652 Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sat Aug 1 10:16:40 2020 (r54388) +++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Sat Aug 1 10:48:28 2020 (r54389) @@ -630,8 +630,8 @@ pass proto udp to any port $udp_services keep state</p running <application>PF</application> to act as a gateway for at least one other machine. The gateway needs at least two network interfaces, each connected to a separate - network. In this example, <filename>xl1</filename> is - connected to the Internet and <filename>xl0</filename> is + network. In this example, <filename>xl0</filename> is + connected to the Internet and <filename>xl1</filename> is connected to the internal network.</para> <para>First, enable the gateway to let the machine @@ -657,9 +657,9 @@ pass proto udp to any port $udp_services keep state</p <para>Next, create the <application>PF</application> rules to allow the gateway to pass traffic. While the following rule - allows stateful traffic to pass from the Internet to hosts - on the network, the <literal>to</literal> keyword does not - guarantee passage all the way from source to + allows stateful traffic from hosts of the internal network + to pass to the gateway, the <literal>to</literal> keyword + does not guarantee passage all the way from source to destination:</para> <programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting>
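Review bot: in the first hunk (@@ -630,8), the interface roles are still given only as raw device names, and the rule kept as context in the second hunk depends on them: `pass in on xl1 from xl1:network to xl0:network port $ports keep state`. The swap is consistent with that rule, since xl1 is now the internal side, but please confirm that no other xl0/xl1 reference in this section outside the visible context still assumes the old roles.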
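Review bot: in the second hunk (@@ -657,9), the new wording says the rule lets traffic "pass to the gateway", but the rule shown directly below it has the destination `to xl0:network`, which under the roles set in the first hunk is the network attached to the Internet-facing interface, not the gateway itself. Suggest describing what the rule actually matches: traffic arriving on xl1 from hosts on the internal network and addressed to xl0:network. That also makes the following clause, about `to` not guaranteeing passage from source to destination, easier to follow. Minor: "hosts of the internal network" reads better as "hosts on the internal network".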