Bug 232042

(-)en_US.ISO8859-1/books/handbook/firewalls/chapter.xml (-5 / +5 lines)
Lines 718-725 Link Here
718
	  running <application>PF</application> to act as a gateway
718
	  running <application>PF</application> to act as a gateway
719
	  for at least one other machine.  The gateway needs at least
719
	  for at least one other machine.  The gateway needs at least
720
	  two network interfaces, each connected to a separate
720
	  two network interfaces, each connected to a separate
721
	  network.  In this example, <filename>xl1</filename> is
721
	  network.  In this example, <filename>xl0</filename> is
722
	  connected to the Internet and <filename>xl0</filename> is
722
	  connected to the Internet and <filename>xl1</filename> is
723
	  connected to the internal network.</para>
723
	  connected to the internal network.</para>
724
724
725
	<para>First, enable the gateway in order to let the machine
725
	<para>First, enable the gateway in order to let the machine
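Review bot: The interface swap at lines 721-722 needs to be checked against every other use of <filename>xl0</filename> and <filename>xl1</filename> in this section, because the hunk only shows the introductory paragraph. The new wording (xl0 to the Internet, xl1 to the internal network) does agree with the rule at line 752, which filters inbound on xl1 with xl1:network as the source. The text between lines 725 and 744 is not part of this diff, though, and any interface named there must follow the same assignment. Please confirm that before commit, or extend the patch if another reference still uses the old assignment.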
Lines 744-752 Link Here
744
744
745
	<para>Next, create the <application>PF</application> rules to
745
	<para>Next, create the <application>PF</application> rules to
746
	  allow the gateway to pass traffic.  While the following rule
746
	  allow the gateway to pass traffic.  While the following rule
747
	  allows stateful traffic to pass from the Internet  to hosts
747
	  allows stateful traffic from hosts of the internal network
748
	  on the network, the <literal>to</literal> keyword does not
748
	  to pass to the gateway, the <literal>to</literal> keyword
749
	  guarantee passage all the way from source to
749
	  does not guarantee passage all the way from source to
750
	  destination:</para>
750
	  destination:</para>
751
751
752
	<programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting>
752
	<programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting>
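Review bot: The new phrase "to pass to the gateway" at lines 747-748 can be read as naming the gateway as the destination, while the unchanged rule at line 752 gives the destination as xl0:network and only filters packets arriving on xl1. Suggest wording that names the direction and the interface, for example "allows stateful traffic from hosts on the internal network to enter the gateway on <filename>xl1</filename>". That keeps the following clause about the <literal>to</literal> keyword accurate. "hosts of the internal network" also reads better as "hosts on the internal network".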
