From 221ad91a516e6b2fb40581d8c21e21017eab5ea2 Mon Sep 17 00:00:00 2001 From: Bill Yuan Date: Tue, 3 Mar 2015 18:52:56 +0800 Subject: [PATCH] ipfw2 man page, keep-state --- sbin/ipfw2/ipfw2.8 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sbin/ipfw2/ipfw2.8 b/sbin/ipfw2/ipfw2.8 index 69d25f2b5f..17bab635f0 100644 --- a/sbin/ipfw2/ipfw2.8 +++ b/sbin/ipfw2/ipfw2.8 @@ -906,13 +906,14 @@ Matches IP packets whose time to live is Matches IP packets whose IP version field is .Ar ver . .It Cm keep-state -Upon a match, the firewall will create a dynamic rule, whose +Upon a match, the firewall will create a state, whose default behaviour is to match bidirectional traffic between source and destination IP/port using the same protocol. The rule has a limited lifetime (controlled by a set of .Xr sysctl 8 variables), and the lifetime is refreshed every time a matching packet is found. +the state can be manually created/deleted using the ipfw2 utility. .It Cm layer2 Matches only layer2 packets, i.e. those passed to .Nm -- 2.11.4.GIT
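Review bot: In the keep-state entry, the first sentence now says the firewall will create "a state", but the unchanged sentence a few lines down still reads "The rule has a limited lifetime", so the paragraph uses two terms for the same object. Change that sentence to "The state has a limited lifetime" in the same patch. The added last line begins with a lowercase "the" after a full stop and writes the utility name as the literal "ipfw2", where the surrounding page uses the .Nm macro. Suggest "The state can also be created or deleted manually using the" followed by .Nm on its own line and then "utility." It would also help to name or cross-reference the command that creates or deletes a state, since the sentence as written does not tell the reader how to do it.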