Index: sbin/ipfw/ipfw.8
===================================================================
--- sbin/ipfw/ipfw.8
+++ sbin/ipfw/ipfw.8
@@ -1,7 +1,7 @@
-.\"
+\"
 .\" $FreeBSD$
 .\"
-.Dd August 21, 2020
+.Dd November 14, 2020
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -880,6 +880,12 @@
 socket bound to port
 .Ar port .
 The search terminates.
+However, on exit from the pipe and if the
+.Xr sysctl 8
+variable
+.Va net.inet.ip.fw.one_pass
+is not set, the packet is passed again to the firewall code starting
+from the next rule.
 .It Cm fwd | forward Ar ipaddr | tablearg Ns Op , Ns Ar port
 Change the next-hop on matching packets to
 .Ar ipaddr ,
@@ -889,6 +895,12 @@
 .Cm tablearg
 keyword instead of an explicit address.
 The search terminates if this rule matches.
+However, on exit from the pipe and if the
+.Xr sysctl 8
+variable
+.Va net.inet.ip.fw.one_pass
+is not set, the packet is passed again to the firewall code starting
+from the next rule.
 .Pp
 If
 .Ar ipaddr
@@ -1344,7 +1356,7 @@
 with multiple addresses) is provided for convenience only and
 its use is discouraged.
 .It Ar addr : Oo Cm not Oc Bro
-.Cm any | me | me6 |
+.Cm any | me | me6 | iface |
 .Cm table Ns Pq Ar name Ns Op , Ns Ar value
 .Ar | addr-list | addr-set
 .Brc
@@ -1352,9 +1364,9 @@
 .It Cm any
 Matches any IP address.
 .It Cm me
-Matches any IP address configured on an interface in the system.
+Matches any IP address configured on any interface in the system.
 .It Cm me6
-Matches any IPv6 address configured on an interface in the system.
+Matches any IPv6 address configured on any interface in the system.
 The address list is evaluated at the time the packet is
 analysed.
 .It Cm table Ns Pq Ar name Ns Op , Ns Ar value
@@ -1366,6 +1378,9 @@
 See the
 .Sx LOOKUP TABLES
 section below for more information on lookup tables.
+.It Cm iface
+Where iface is an interface on the system.
+In this case addresses configures only on this interface will match.
 .El
 .It Ar addr-list : ip-addr Ns Op Ns , Ns Ar addr-list
 .It Ar ip-addr :