author: Dante Catalfamo 2020-08-16 21:26:35 -0400
committer: Dante Catalfamo 2020-08-16 21:26:35 -0400
commit: 8d2ca4d40295e2d8f2e930437e91c4864c440893 (patch)
tree: fc720e0f8f8ed067e572abdb81671cd2914186e0 /content/posts/openbsd-vpn-gateway/index.org
parent: 76805afe5b5cd2bfd1770a8a4e6634e151f48741 (diff)
gateway: small corrections in pf section
Diffstat (limited to 'content/posts/openbsd-vpn-gateway/index.org')
-rw-r--r-- content/posts/openbsd-vpn-gateway/index.org | 10
1 file changed, 5 insertions, 5 deletions
diff --git a/content/posts/openbsd-vpn-gateway/index.org b/content/posts/openbsd-vpn-gateway/index.org
index bea94c1..c961f82 100644
--- a/content/posts/openbsd-vpn-gateway/index.org
+++ b/content/posts/openbsd-vpn-gateway/index.org
@@ -314,23 +314,23 @@
us/ out on our external interface, this will allow OpenVPN to
communicate with the VPN server without us having to worry about
accidentally passing forwarded traffic to the open internet
- outside of the VPN connection, should OpenVPN ever die. =self=
+ outside of the VPN connection, should OpenVPN ever fail. =self=
expands to all IPs belonging to interfaces on our host machine.
- =match out on $vpn_if from $ext_if:network to any nat-to
($vpn_if)= This is a big rule, let's break it down into smaller pieces.
- - =match= A [[https://man.openbsd.org/OpenBSD-6.7/pf.conf.5#match][match]] rule is usually used to either transform or tag
+ - =match= A [[https://man.openbsd.org/OpenBSD-6.7/pf.conf.5#match][match]] rule is usually used to either apply options to
a packet. It does not block or pass a packet itself, but lets pf
know how to handle a packet once it is blocked or passed. Unlike
=block= or =pass= rules, a single packet can match many =match=
rules, and have them all apply.
- =out on $vpn_if from $ext_if:network to any= This tells the
- =match= command which packets it should apply its action to.
+ =match= command which packets it should apply the option to.
- - =on $vpn_if= Packets going out on =$vpn_if= (which gets
- evaluated to =vio0=).
+ - =on $vpn_if= Packets going out on =$vpn_if=, which gets
+ evaluated to =tun0=.
- =from $ext_if:network= Packets coming from
=$ext_if:network=. Since =$ext_if= gets evaluated to =vio0=,
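Review bot: the rewritten `match` bullet ("usually used to either apply options to a packet") leaves "either" with no second alternative once "transform or tag" is removed; either drop the word ("is usually used to apply options to a packet") or keep a pair ("either transform or tag a packet"). The `tun0` correction in the `on $vpn_if` bullet is right and now agrees with the unchanged context two lines later, which reserves `vio0` for `$ext_if`; "fail" for "die" and "the option" for "its action" are consistent with the new wording of the `match` bullet.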