doc

Author: Emmankoko

usr.sbin/npf/npfctl/npf.conf.5

@@ -312,16 +312,11 @@ syntax, for example:
 Fragments are not selectable since NPF always reassembles packets
 before further processing.
 .Ss User/group ID filtering
-NPF allows certain rules to be applied exclusivley to some user processes on a system.
-User processes that fire up sockets for network communications attribute
-user identification values such as user and group ID to these sockets. Incoming
-or outgoing communication with any socket is also assumed to be communicating with
-the user that owns the process that fired the socket.
 .Pp
-Packet filtering by user or group controls data packet flows based on
-the user or group identity of the process that generated the traffic,
-or is waiting to receive traffic, rather than just traditional parameters
-like IP address, port number, and protocol.
+NPF allows filtering by user or group identity. Packet filtering by user or group
+controls data packet flows based on the user or group identity of the process
+that generated the traffic, or is waiting to receive traffic,
+rather than just traditional parameters like IP address, port number, and protocol.
 .Pp
 There are many situations where this is useful:
 .Bl -bullet -hang
@@ -675,7 +670,7 @@ group_id	= "group" id_items
 
 id_items	= [id] | [op_unary id] | [id op_binary id]
 
-op_unary	= ["="] | ["!="] | ["<="] | [">="] | [">"]
+op_unary	= ["="] | ["!="] | ["<="] | [">="] | [">"] | ["<"]
 op_binary	= ["<>"] | ["><"]
 .Ed
 .\" -----