From owner-freebsd-doc@FreeBSD.ORG Mon May 10 05:01:37 2004
Date: Mon, 10 May 2004 06:01:16 -0600 (MDT)
From: Warren Block
To: Giorgos Keramidas
cc: freebsd-doc@freebsd.org
Subject: Re: docs/66442: [PATCH] proposed dialup-firewall article wording change
Message-ID: <20040510054824.V7383@wonkity.com>
In-Reply-To: <200405100928.i4A9STqI041982@www.freebsd.org>
References: <200405100928.i4A9STqI041982@www.freebsd.org>

On Mon, 10 May 2004, Giorgos Keramidas wrote:

> Both paragraphs listed in the diff below start with "First". Surely
> one of them must be "second" :-)
>
> First, let's start with the basics of closed firewalling.
> Closed firewalling is based on the idea that everything is denied
> by default. The system administrator may then explicitly add
> rules for traffic that he or she would like to allow. Rules
> should be in the order of allow first, and then deny. The premise
> is that you add the rules for everything you would like to allow,
> and then everything else is automatically denied.

Eliminate the first sentence entirely. Actually:

A closed firewall has everything denied by default. The system
administrator may then add rules to allow desired traffic. Rules
that allow traffic are listed first, and then everything else is
denied.

Let's create the directory where we will store our firewall rules.
For this example, we'll use /etc/firewall. Change into the
directory and edit the file fwrules as specified in rc.conf. (This
filename can be anything you wish, as long as it matches the name
given in rc.conf.)

-Warren Block * Rapid City, South Dakota USA
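The "allow first, then deny everything else" ordering the thread settles on can be checked mechanically before a rules file is loaded. The script below is an added example, not part of the message or of the dialup-firewall article; it assumes an fwrules-style sh script using ipfw(8) rule syntax (the thread itself does not name the firewall), and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of an /etc/firewall/fwrules script
# (assumed ipfw(8) syntax): allow rules first, one catch-all deny last.
sample_rules() {
    cat <<'EOF'
${fwcmd} -f flush
${fwcmd} add allow ip from any to any via lo0
${fwcmd} add allow tcp from any to any 22 in setup keep-state
${fwcmd} add allow tcp from any to any out setup keep-state
${fwcmd} add deny log ip from any to any
EOF
}

# check_closed_ruleset: read rule lines on stdin and return 0 only if the
# ruleset is "closed": a deny matching all traffic is present, it is the
# last rule, and no allow rule follows it (such an allow could never match,
# because the catch-all deny ahead of it wins). Problems are printed.
check_closed_ruleset() {
    awk '
        $0 ~ /add( [0-9]+)? allow / {
            if (seen_deny_all) { print "allow after deny-all: " $0; bad = 1 }
            last = "allow"
        }
        $0 ~ /add( [0-9]+)? deny / {
            if ($0 ~ /ip from any to any/) seen_deny_all = 1
            last = "deny"
        }
        END {
            if (last != "deny")  { print "last rule is not a deny"; bad = 1 }
            if (!seen_deny_all)  { print "no catch-all deny rule";  bad = 1 }
            exit bad
        }'
}

# Run the check over the constructed sample; exit status 0 means "closed".
if sample_rules | check_closed_ruleset; then
    echo "ruleset is closed: allow rules first, catch-all deny last"
fi
```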