From: Brad Davis
To: Giorgos Keramidas
Cc: freebsd-doc@freebsd.org, Ceri Davies
Date: Mon, 20 Sep 2004 16:59:00 -0600
Subject: Re: New firewall section (was: Re: HEADS UP: doc/ slush begins)

Hi Giorgos,

Thanks for your comments. I have merged all of them except the few below I have
questions about.

> : + The IPFW sample rule set (found in
> : + /etc/rc.firewall) delivered in the basic
> : + install is outdated, complicated and does not use stateful
> : + rules on the interface facing the public Internet. It
> : + exclusively uses legacy stateless rules which only have the
> : + ability to open or close the service ports. The IPFW example
> : + stateful rules sets presented here supercede the
> : + /etc/firewall.rc file distributed with the
> : + system.
>
> What are the ``service ports'' referred to here?

This does need better wording. I can't come up with anything right now.

> : + The OpenBSD PF user's guide is here:
> : + .
> : +
>
> Please trim the unnecessary whitespace here too.

Well, the period is at line 71, so I pushed the down so I wouldn't go over the
72 line rule.

Also, I have encountered an undefined &man.ipnat.8

Regards,
Brad

-- 
Hummingbirds never remember the words to songs.
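
Review bot: the first quoted hunk names the sample rule set file two ways, /etc/rc.firewall in its opening sentence and /etc/firewall.rc in its closing sentence; the file FreeBSD ships is /etc/rc.firewall, so the closing sentence should use that path as well. In the same hunk, "supercede" should be spelled "supersede" and "rules sets" should read "rule sets".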