Date:      Fri, 24 Apr 2009 11:17:07 +0300
From:      Manolis Kiagias <sonic2000gr@gmail.com>
To:        Tom Rhodes <trhodes@FreeBSD.org>
Cc:        Chris Pepper <pepper@cbio.mskcc.org>, "freebsd-doc@freebsd.org" <freebsd-doc@freebsd.org>, Gabor Kovesdan <gabor@FreeBSD.org>, Giorgos Keramidas <keramida@freebsd.org>, Gabor PALI <pgj@FreeBSD.org>
Subject:   Re: [PATCH] for the 'firewalls' chapter
Message-ID:  <49F17583.4070200@gmail.com>
In-Reply-To: <20090424022336.3f4c6792.trhodes@FreeBSD.org>
References:  <49E796E6.70709@gmail.com> <20090424022336.3f4c6792.trhodes@FreeBSD.org>

Tom Rhodes wrote:
> Hey Manolis,
>
> My review, as promised, please see comments in line.  I'm sorry
> it came so late!  Thanks!
>
>   

Thank you Tom! Integrated most of your changes and the patch and build
are updated:

http://people.freebsd.org/~manolis/firewalls.diff

http://www.freebsdgr.org/handbook-mine/firewalls.html

A few more comments below:
>     <acronym>ALTQ</acronym> with
> -      <acronym>PF</acronym>.  Traffic shaping for <acronym>IPFILTER</acronym> can currently
> -      be done with <acronym>IPFILTER</acronym> for NAT and filtering and
> +      <acronym>PF</acronym>.  Traffic shaping for IPFILTER can currently
> +      be done with IPFILTER for NAT and filtering and
>        <acronym>IPFW</acronym> with &man.dummynet.4;
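
Review bot: The two added lines drop `<acronym>` from IPFILTER while ALTQ, PF and IPFW in the same sentence keep it, so the paragraph ends up with mixed markup for the firewall names. Either keep the tags on IPFILTER or remove them from the other names in the same change. The resulting sentence also still reads "Traffic shaping for IPFILTER can currently be done with IPFILTER", which the markup change does not address.
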
>
> Too many "and" in this sentence.  How about:
>
> "Traffic shaping for IPFILTER can currently be done with IPFILTER
> for NAT.  IPFW filtering is handled via the &man.dummynet.4;
> driver ..."
>
> Perhaps the entire paragraph should be re-worded after we
> commit these other changes?
>
>   

Yes, the entire paragraph makes no sense to me. If you (or anyone
else) can come up with an alternative, it would be nice to include in
this (already too long) patch...

> Are we using "rule set" or "ruleset" because up above it was just
> one word.  We should come to a conclusion and run a %s/one/right one/g
> across this chapter then.  :)
>
>
>   

True. I changed everything to 'ruleset' for consistency.

> +	
>  	<para>There is no way to match ranges of IP addresses which
> -	  do not express themselves easily as mask-length.  See this
> +	  do not express themselves easily using the dotted numeric
> +	  form / mask-length notation.  See this
>  	  web page for help on writing mask-length: <ulink
>  	    url="http://jodies.de/ipcalc"></ulink>.</para>;
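
Review bot: The first added line of this hunk contains only a tab, which introduces a whitespace-only line ahead of `<para>`; drop it or make it a truly empty line. In the reworded text, "dotted numeric form / mask-length notation" is followed in the unchanged context by "help on writing mask-length", so the two sentences use different terms for the same notation; using one term in both would read better.
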
>
> It's a port too, that ipcalc utility.  :)
>
>
>   

Added this info too, thanks!

>  	<para>There are some additional configuration statements that
>  	  need to be enabled to activate the <acronym>NAT</acronym>
> -	  function of IPFW.  The kernel source needs 'option IPDIVERT'
> +	  function of IPFW.  The kernel source needs <literal>option IPDIVERT</literal>
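
Review bot: The added line ending in `<literal>option IPDIVERT</literal>` is noticeably longer than the surrounding lines of the paragraph; break it before `<literal>` so it wraps like its neighbours. In the same paragraph NAT is wrapped in `<acronym>` while IPFW on the changed line is plain text, which is worth making consistent with whatever convention the chapter settles on.
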
>
>
> I've always used:
>
> <programlisting>option	SOMEOPTION</programlisting>
>
> But that's probably not a huge deal.
>
>   

Well, I prefer <literal> for in-paragraph one liners and
<programlisting> for longer separate sections.


Cheers,
manolis@


