--- en_US.ISO8859-1/books/handbook/firewalls/chapter.xml (revision 49160)
+++ en_US.ISO8859-1/books/handbook/firewalls/chapter.xml (working copy)
@@ -2270,12 +2270,13 @@
to pass.
$cmd 499 deny log all from any to any
-$cmd 500 divert natd ip from any to any out via $pif # skipto location for outbound stateful rules
+$cmd 500 allow ip from me to not me out via $pif # avoid packets natd doesn't care about
+$cmd 501 divert natd ip from any to any out via $pif # skipto location for outbound stateful rules
$cmd 510 allow ip from any to any
In this example, rules 100,
101, 125,
- 500, and 510 control the
+ 501, and 510 control the
address translation of the outbound and inbound packets so
that the entries in the dynamic state table always register
the private LAN IP