diff --git a/en_US.ISO8859-1/articles/dialup-firewall/article.sgml b/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
index 5caefcce52..3e1e488ef2 100644
--- a/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
+++ b/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
@@ -79,7 +79,9 @@
recompile their kernels with IPFW2
support. &os; 4.X users should consult the &man.ipfw.8;
manual page for more information on using IPFW2 on their
- systems.
+ systems, and should pay particular attention to the
+ USING IPFW2 IN FreeBSD-STABLE
+ section.
@@ -183,15 +185,33 @@ fwcmd="/sbin/ipfw"
# defaults to tun0.
oif="tun0"
+# Define our inside interface. This is usually your network
+# card. Be sure to change this to match your own network
+# interface.
+iif="fxp0"
+
# Force a flushing of the current rules before we reload.
$fwcmd -f flush
-# Allow all connections that we initiate, and keep their state,
-# but deny established connections that don't have a dynamic rule.
+# Check the state of all packets.
$fwcmd add check-state
+
+# Stop spoofing on the outside interface.
+$fwcmd add deny ip from any to any in via $oif not verrevpath
+
+# Allow all connections that we initiate, and keep their state.
+# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif
+# Allow all connections within our network.
+$fwcmd add allow ip from any to any via $iif
+
+# Allow all local traffic.
+$fwcmd add allow all from any to any via lo0
+$fwcmd add deny all from any to 127.0.0.0/8
+$fwcmd add deny ip from 127.0.0.0/8 to any
+
# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.