1 files changed, 31 insertions, 6 deletions

diff --git a/hurd/translator/eth-filter.mdwn b/hurd/translator/eth-filter.mdwn
index 36ef4217..b5dc8f8f 100644
--- a/hurd/translator/eth-filter.mdwn
+++ b/hurd/translator/eth-filter.mdwn
@@ -8,20 +8,45 @@ Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
 is included in the section entitled [[GNU Free Documentation
 License|/fdl]]."]]"""]]
 
-`eth-filter` is a translator that implements a very simple stateless firewal.
+`eth-filter` is a translator that implements a very simple stateless firewall.
+
 
 # Source
 
 [[source_repositories/incubator]], dde
 
-# Usage:
+
+# Usage
 
 For instance, to drop any attempt to access port 22:
 
-    settrans -c /dev/eth0f /hurd/eth-filter -i /dev/eth0 -r "not port 22"
+    # settrans -c /dev/eth0f /hurd/eth-filter -i /dev/eth0 -r "not port 22"
+
+This creates a `/dev/eth0f` device, which is the filtered version of
+`/dev/eth0`.  One can then use `/dev/eth0f` instead of `/dev/eth0`:
+
+    # settrans /servers/socket/2 /hurd/pfinet -i /dev/eth0f [...]
+
+..., or run `dhclient /dev/eth0f`, or similar.
+
+See also Zheng Da's [[user/zhengda/howto]].
+
+
+# Open Issues
 
-This creates a /dev/eth0f device, which is the filtered version of /dev/eth0. One can then configure network by hand using /dev/eth0f instead of /dev/eth0:
+## IRC, freenode, #hurd, 2013-07-27
 
-    settrans /servers/socket/2 /hurd/pfinet -i /dev/eth0f ...
+[[!tag open_issue_hurd]]
 
-or run dhclient /dev/eth0f, etc.
+    <youpi> ok, so as usual we actually *already* have a firewall
+    <youpi> it's the eth-filter translator from zheng da
+    <youpi> it has just never been really pushed forward...
+    <teythoon> good news :)
+    <youpi> well, the bad news is that it probably doesn't support connection
+      tracking
+    <youpi> since it's just bpf
+    <youpi> using the libpcap syntax
+    <teythoon> well, a stateless fw should do for Debian/Hurds needs for now,
+      right?
+    <youpi> yes
+    <youpi> and it does work indeed