pfctl.8: mention -k source -k <IP>

Sponsored by:	Rubicon Communications, LLC ("Netgate")

1 files changed, 7 insertions, 2 deletions

diff --git a/sbin/pfctl/pfctl.8 b/sbin/pfctl/pfctl.8
index 45cfd88ef039..662f5a4b0f16 100644
--- a/sbin/pfctl/pfctl.8
+++ b/sbin/pfctl/pfctl.8
@@ -43,7 +43,7 @@
 .Op Fl K Ar host | network
 .Xo
 .Oo Fl k
-.Ar host | network | label | id | gateway | nat
+.Ar host | network | label | id | gateway | source | nat
 .Oc Xc
 .Op Fl o Ar level
 .Op Fl p Ar device
@@ -281,7 +281,7 @@ option may be specified, which will kill all the source tracking
 entries from the first host/network to the second.
 .It Xo
 .Fl k
-.Ar host | network | label | id | key | gateway | nat
+.Ar host | network | label | id | key | gateway | source | nat
 .Xc
 Kill all of the state entries matching the specified
 .Ar host ,
@@ -290,6 +290,7 @@ Kill all of the state entries matching the specified
 .Ar id ,
 .Ar key ,
 .Ar gateway,
+.Ar source ,
 or
 .Ar nat.
 .Pp
@@ -374,6 +375,10 @@ States can also be killed based on their pre-NAT address:
 .Pp
 .Dl # pfctl -k nat -k 192.168.0.1
 .Pp
+To remove a source from a source limiter use:
+.Pp
+.Dl # pfctl -I 1 -k source -k 192.0.2.2
+.Pp
 .It Fl M
 Kill matching states in the opposite direction (on other interfaces) when
 killing states.