===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd_config.5,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- src/usr.bin/ssh/sshd_config.5	2012/11/04 11:09:15	1.149
+++ src/usr.bin/ssh/sshd_config.5	2012/12/02 20:46:11	1.150
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.149 2012/11/04 11:09:15 djm Exp $
-.Dd $Mdocdate: November 4 2012 $
+.\" $OpenBSD: sshd_config.5,v 1.150 2012/12/02 20:46:11 djm Exp $
+.Dd $Mdocdate: December 2 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -124,6 +124,18 @@
 for more information on patterns.
 .It Cm AllowTcpForwarding
 Specifies whether TCP forwarding is permitted.
+The available options are
+.Dq yes
+or
+.Dq all
+to allow TCP forwarding,
+.Dq no
+to prevent all TCP forwarding,
+.Dq local
+to allow local (from the perspective of
+.Xr ssh 1 ) forwarding only or
+.Dq remote
+to allow remote forwarding only.
 The default is
 .Dq yes .
 Note that disabling TCP forwarding does not improve security unless