Note that the search continues after count, skipto and tee rules.

svn path=/head/; revision=23899
2005-02-25 12:12:20 +00:00 · 2005-02-25 12:12:20 +00:00 · f289e524dc · 2020-12-08 03:00:23 +00:00
commit f289e524dc
parent cb0cdc678c
1 changed files with 7 additions and 0 deletions
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
@ -2193,6 +2193,7 @@ options    IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
 	<secondary>rule processing order</secondary>
      </indexterm>

+      <!-- Needs rewording to include note below -->
      <para>When a packet enters the firewall it is compared against
        the first rule in the rule set and progress one rule at a time
        moving from top to bottom of the set in ascending rule number
@ -2205,6 +2206,12 @@ options    IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
        packets and discards them without any reply back to the
        originating destination.</para>

+      <note>
+	<para>The search continues after <literal>count</literal>,
+	  <literal>skipto</literal> and <literal>tee</literal>
+	  rules.</para>
+      </note>
+
      <para>The instructions contained here are based on using rules
        that contain the stateful 'keep state', 'limit', 'in'/'out',
        and via options. This is the basic framework for coding an