From owner-freebsd-doc@FreeBSD.ORG  Mon May 10 05:01:37 2004
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 65BBD16A4CE
	for <freebsd-doc@freebsd.org>; Mon, 10 May 2004 05:01:37 -0700 (PDT)
Received: from wonkity.com (wonkity.com [65.173.111.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B1F6D43D4C
	for <freebsd-doc@freebsd.org>; Mon, 10 May 2004 05:01:36 -0700 (PDT)
	(envelope-from wblock@wonkity.com)
Received: from wonkity.com (localhost [127.0.0.1])
	by wonkity.com (8.12.11/8.12.11) with ESMTP id i4AC1GAE007433;
	Mon, 10 May 2004 06:01:16 -0600 (MDT)
	(envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
	by wonkity.com (8.12.11/8.12.11/Submit) with ESMTP id i4AC1GMB007430;
	Mon, 10 May 2004 06:01:16 -0600 (MDT)
	(envelope-from wblock@wonkity.com)
Date: Mon, 10 May 2004 06:01:16 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: Giorgos Keramidas <keramida@ceid.upatras.gr>
In-Reply-To: <200405100928.i4A9STqI041982@www.freebsd.org>
Message-ID: <20040510054824.V7383@wonkity.com>
References: <200405100928.i4A9STqI041982@www.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: clamd / ClamAV version devel-20040504, clamav-milter version
	0.70u
X-Virus-Status: Clean
cc: freebsd-doc@freebsd.org
Subject: Re: docs/66442: [PATCH] proposed dialup-firewall article wording
 change
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 May 2004 12:01:37 -0000

On Mon, 10 May 2004, Giorgos Keramidas wrote:

> Both paragraphs listed in the diff below start with "First".  Surely
> one of them must be "second" :-)

>      <para>First, let's start with the basics of closed firewalling.
>        Closed firewalling is based on the idea that everything is denied
>        by default.  The system administrator may then explicitly add
>        rules for traffic that he or she would like to allow.  Rules
>        should be in the order of allow first, and then deny.  The premise
>        is that you add the rules for everything you would like to allow,
>        and then everything else is automatically denied.</para>

Eliminate the first sentence entirely.  Actually:

        A closed firewall has everything denied by default.  The system
        administrator may then add rules to allow desired traffic.
        Rules that allow traffic are listed first, and then everything
        else is denied.

        Let's create the directory where we will store our
        firewall rules.  For this example, we'll use <filename
        class="directory">/etc/firewall</filename>. Change into the
        directory and edit the file <filename>fwrules</filename> as
        specified in <filename>rc.conf</filename>.  (This filename
        can be anything you wish, as long as it matches the name given
        in <filename>rc.conf</filename>.)

-Warren Block * Rapid City, South Dakota USA