===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/74.html,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- www/74.html	2023/10/15 15:32:37	1.104
+++ www/74.html	2023/10/15 15:49:48	1.105
@@ -751,24 +751,25 @@
 	In particular, <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>
 	and <a href="https://man.openbsd.org/systat.1">systat(1)</a>
 	now do that.
-   <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>,
-	relax the implementation of the <code>pass all</code> rule so all
+   <li>Relax the implementation of the <code>pass all</code> rule so all
 	forms of neighbor advertisements are allowed in either direction.
-   <li>In <a href="https://man.openbsd.org/pf.4">pf(4)</a>,
-	when redirecting locally generated IP packets to userland with
-	<code>divert-packet</code> rules, the packets may have no checksum
+   <li>When redirecting locally generated IP packets to userland with
+	<a href="https://man.openbsd.org/pf.conf.5#divert-packet"
+	>divert-packet</a> rules, the packets may have no checksum
 	due to hardware offloading.  Calculate the checksum in that case.
-   <li>Fix a bug in <a href="https://man.openbsd.org/pf.4">pf(4)</a>
-	where <code>nat-to</code> could fail to insert a state
+   <li>Fix a bug where
+	<a href="https://man.openbsd.org/pf.conf.5#nat-to">nat-to</a>
+	could fail to insert a state
 	due to conflict on chosen source port number.
-   <li><a href="https://man.openbsd.org/pf.4">pf(4)</a> ignored 'keep
-	state' and 'nat-to' actions for unsolicited icmp error responses. With
-	OpenBSD 7.4, the rule matching logic is tightened so icmp error
-	responses no longer match 'keep state' rule. In typical scenarios icmp
-	errors (if solicited) should match existing state.  The change is
-	going to bite firewalls which deal with asymmetric routes. In those
-	cases the 'keep state' action should be relaxed to sloppy or new 'no
-	state' rule to explicitly match icmp errors should be added.
+   <li>No longer ignore <code>keep state</code> and <code>nat-to</code>
+	actions for unsolicited ICMP error responses. 
+	Tighten the rule matching logic so ICMP error responses
+	no longer match <code>keep state</code> rule.
+	In typical scenarios, ICMP errors (if solicited) should match
+	existing state.  The change is going to bite firewalls which deal
+	with asymmetric routes. In those cases the <code>keep state</code>
+	action should be relaxed to sloppy or new <code>no state</code>
+	rule to explicitly match ICMP errors should be added.
    </ul>
  <li>Do not calculate IP, TCP, and UDP checksums on
 	<a href="https://man.openbsd.org/lo.4">lo(4)</a> interfaces.