Index: en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
+++ en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
@@ -630,8 +630,8 @@
 	  running <application>PF</application> to act as a gateway
 	  for at least one other machine.  The gateway needs at least
 	  two network interfaces, each connected to a separate
-	  network.  In this example, <filename>xl1</filename> is
-	  connected to the Internet and <filename>xl0</filename> is
+	  network.  In this example, <filename>xl0</filename> is
+	  connected to the Internet and <filename>xl1</filename> is
 	  connected to the internal network.</para>
 
 	<para>First, enable the gateway to let the machine
@@ -657,9 +657,9 @@
 
 	<para>Next, create the <application>PF</application> rules to
 	  allow the gateway to pass traffic.  While the following rule
-	  allows stateful traffic to pass from the Internet  to hosts
-	  on the network, the <literal>to</literal> keyword does not
-	  guarantee passage all the way from source to
+	  allows stateful traffic from hosts of the internal network
+	  to pass to the gateway, the <literal>to</literal> keyword
+	  does not guarantee passage all the way from source to
 	  destination:</para>
 
 	<programlisting>pass in on xl1 from xl1:network to xl0:network port $ports keep state</programlisting>