From 427128b9f04a1b02c1374159e31ca5fec759092a Mon Sep 17 00:00:00 2001
From: Pat Maddox <pat@patmaddox.com>
Date: Sun, 31 Jul 2022 00:03:57 -0700
Subject: [PATCH] Explain permissive NAT

---
 docs/chapters/gcp.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/chapters/gcp.rst b/docs/chapters/gcp.rst
index 4616ee98..0eac5565 100644
--- a/docs/chapters/gcp.rst
+++ b/docs/chapters/gcp.rst
@@ -57,7 +57,8 @@ This basic /etc/pf.conf allow incoming packets on the bridge interface, and NATs
   
   set skip on lo
   scrub in
-  
+
+  # permissive NAT allows jail bridge and wireguard tunnels
   nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
   
   block in