From c39dda81923a26116241fbe996351133c86ad97a Mon Sep 17 00:00:00 2001
From: Tobias Rehbein <tobias.rehbein@web.de>
Date: Thu, 18 Mar 2021 18:01:09 +0100
Subject: rc.conf(5): Document the 'workstation' firewall_type

Document the workstation ACL ruleset, which uses stateful rules.

While here, add a note about where some of the undocumented variables
can be found. This is not a perfect solution for bug 127359, but it at
at least gives a place to go look, and can be used as a reference for
when bug 127359 gets fixed properly.

PR:		254358, 127359
---
 share/man/man5/rc.conf.5 | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index fef0f167d1a5..ddf4ea120df5 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -539,7 +539,7 @@ Valid selections from
 .Pa /etc/rc.firewall
 are:
 .Pp
-.Bl -tag -width ".Li simple" -compact
+.Bl -tag -width ".Li workstation" -compact
 .It Li open
 unrestricted IP access
 .It Li closed
@@ -547,12 +547,18 @@ all IP services disabled, except via
 .Dq Li lo0
 .It Li client
 basic protection for a workstation
+.It Li workstation
+basic protection for a workstation using stateful firewalling
 .It Li simple
 basic protection for a LAN.
 .El
 .Pp
 If a filename is specified, the full path
 must be given.
+.Pp
+Most of the predefined rulesets define additional configuration variables.
+These are documented in
+.Pa /etc/rc.firewall .
 .It Va firewall_quiet
 .Pq Vt bool
 Set to
-- 
cgit v1.2.3