Date: Tue, 11 May 2004 04:08:23 +0300
From: Giorgos Keramidas
To: Warren Block
Cc: doc@freebsd.org
Subject: Re: docs/66442: [PATCH] proposed dialup-firewall article wording change
Message-ID: <20040511010823.GH27645@gothmog.gr>
In-Reply-To: <20040510054824.V7383@wonkity.com>

On 2004-05-10 06:01, Warren Block wrote:
> On Mon, 10 May 2004, Giorgos Keramidas wrote:
> > Both paragraphs listed in the diff below start with "First". Surely
> > one of them must be "second" :-)
> > [snip]
> > First, let's start with the basics of closed firewalling.
> > Closed firewalling is based on the idea that everything is denied
> > by default. The system administrator may then explicitly add
> > rules for traffic that he or she would like to allow. Rules
> > should be in the order of allow first, and then deny. The premise
> > is that you add the rules for everything you would like to allow,
> > and then everything else is automatically denied.
>
> Eliminate the first sentence entirely. Actually:
>
> A closed firewall has everything denied by default. The system
> administrator may then add rules to allow desired traffic.
> Rules that allow traffic are listed first, and then everything
> else is denied.
>
> Let's create the directory where we will store our
> firewall rules. For this example, we'll use
> /etc/firewall. Change into the
> directory and edit the file fwrules as
> specified in rc.conf. (This filename
> can be anything you wish, as long as it matches the name given
> in rc.conf.)

Oh, nice! I see that Josef has already committed the previous version,
but... If someone wants to recommit, changing the text to match Warren's
wording, feel free to make the change. I'm not particularly fanatic
about this or that option and I do like this better :)

Giorgos