From 587249127873e1b5f6439e22118bbc68adcefcab Mon Sep 17 00:00:00 2001 From: Gordon Bergling Date: Sat, 1 Aug 2020 10:48:28 +0000 Subject: [PATCH] Handbook/Firewalls: correct the network devices in the NAT example PR: 232042 Submitted by: Samy Mahmoudi Reviewed by: bcr Approved by: bcr Differential Revision: https://reviews.freebsd.org/D25652 --- en_US.ISO8859-1/books/handbook/firewalls/chapter.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml index b2c80dda4d..c8791aa051 100644 --- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml @@ -630,8 +630,8 @@ pass proto udp to any port $udp_services keep state running PF to act as a gateway for at least one other machine. The gateway needs at least two network interfaces, each connected to a separate - network. In this example, xl1 is - connected to the Internet and xl0 is + network. In this example, xl0 is + connected to the Internet and xl1 is connected to the internal network. First, enable the gateway to let the machine @@ -657,9 +657,9 @@ pass proto udp to any port $udp_services keep state Next, create the PF rules to allow the gateway to pass traffic. While the following rule - allows stateful traffic to pass from the Internet to hosts - on the network, the to keyword does not - guarantee passage all the way from source to + allows stateful traffic from hosts of the internal network + to pass to the gateway, the to keyword + does not guarantee passage all the way from source to destination: pass in on xl1 from xl1:network to xl0:network port $ports keep state
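Review bot: In the first hunk (@@ -630,8 +630,8 @@), the corrected sentence "xl0 is connected to the Internet and xl1 is connected to the internal network" now agrees with the rule visible in the later context, "pass in on xl1 from xl1:network to xl0:network port $ports keep state", but the patch touches prose only. Please confirm that every other rule and macro in this NAT example follows the same assignment. A rule left over from the old assignment would apply to the Internet-facing interface instead of the internal one for anyone who copies it.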
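Review bot: In the second hunk (@@ -657,9 +657,9 @@), the new wording "to pass to the gateway" does not tell the reader which part of the rule limits it. The rule that follows begins "pass in on xl1", so it matches packets only as they arrive on the internal interface. Naming "in on xl1" in the sentence would tie the caveat about the "to" keyword to the rule text. As a style point, "hosts on the internal network" reads better than "hosts of the internal network".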