Date: Fri, 24 Feb 2006 11:00:16 GMT
Message-Id: <200602241100.k1OB0GiN089953@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Ceri Davies
Subject: Re: docs/93764: [patch] addition to firewalls section - ipfw

The following reply was made to PR docs/93764; it has been noted by GNATS.

From: Ceri Davies
To: Daniel Gerzo
Subject: Re: docs/93764: [patch] addition to firewalls section - ipfw
Date: Fri, 24 Feb 2006 10:52:24 +0000

On 23/2/06 19:16, "Daniel Gerzo" wrote:

Daniel,

Welcome to your first proper review by me. We hope that you don't squirm too much. :)

> @@ -2283,7 +2283,50 @@ > > Set the script to run to activate your rules: > > - firewall_script="/etc/ipfw.rules" > + firewall_script="/etc/rc.firewall" That's the default, so perhaps we can get away with not specifying this all. > + > + Set the type of firewall. This enables a simple pre-set > + ruleset for IPFW: > + > + firewall_type="open" > + > + Available values for this setting are: This is the handbook. We can get away with an actual paragraph explaining this pre-set ruleset thing. I think that the above is too brief and presupposes that I know what you're saying already. > + > + > + open — allow anyone in. > + That text isn't good. "Pass all traffic" perhaps? > + > + client — will protect only this > + machine. > + > + > + simple — protect the whole > + network. Do what now? So I can run this on a FreeBSD machine and do without a firewall? Sweet! Seriously though, "protect the whole network" is misleading in the absence of context. > + > + > + closed — entirely disables IP > + services except via lo0 interface. s/services/traffic/, s/via/via the/ > + > + > + UNKNOWN — disables the loading > + of firewall rules. > + > + > + filename — will load the rules > + in the given filename (full path required). s/full/absolute/ > + > + > + > + > + If firewall_type is set either to > + client or simple, the > + default rules found in /etc/rc.firewall > + should be reviewed to fit to the setup of the given machine. Try to avoid the word "setup" if you can. Try one of "purpose", "configuration", "services", "function", etc. > + Also note, that the examples used in this chapter expect that That comma doesn't belong there. > + the firewall_type is set to > + /etc/ipfw.rules. > + Ceri -- That must be wonderful! I don't understand it at all. -- Moliere
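Review bot: The closing note of this hunk says the chapter's examples expect firewall_type to be set to /etc/ipfw.rules, yet the hunk replaces firewall_script="/etc/ipfw.rules" with firewall_script="/etc/rc.firewall" and shows firewall_type="open" as the only example setting. A reader who copies the lines as shown ends up with the "allow anyone in" ruleset instead of the rules the rest of the chapter builds. Suggest showing firewall_type="/etc/ipfw.rules" in the example, or stating directly after the firewall_type line which value the following sections assume. The UNKNOWN entry should also say what happens to traffic when no rules are loaded, because "disables the loading of firewall rules" does not tell the reader whether the machine is left passing or blocking packets.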