Delivered-To: freebsd-doc@freebsd.org
Message-Id: <200108180257.f7I2vTT45895@www-1.wr.usgs.gov>
Date: Fri, 17 Aug 2001 19:57:29 -0700 (PDT)
From: Charlie &
Reply-To: Charlie &
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: docs/29841: stilted language and incorrect punctuation
Sender: owner-freebsd-doc@FreeBSD.ORG

>Number: 29841
>Category: docs
>Synopsis: stilted language and incorrect punctuation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 17 20:00:05 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Robert Sowders
>Release: FreeBSD 4.3-STABLE i386
>Organization: USGS
>Environment:
System: FreeBSD www-1.wr.usgs.gov 4.3-STABLE FreeBSD 4.3-STABLE #0: Thu Jul 12 01:06:31 PDT 2001 root@www-1.wr.usgs.gov:/usr/obj/usr/src/sys/WWW6 i386
>Description:
Stilted language and poor grammar with incorrect punctuation.
>How-To-Repeat:
>Fix:
--- article.sgml.orig Fri Aug 17 13:40:05 2001 +++ article.sgml Fri Aug 17 14:56:16 2001 
@@ -39,23 +39,22 @@ Dialup Firewalling with FreeBSD - This document aims to cover the process that is required in - order to setup firewalling with FreeBSD when are dynamically - assigned an IP address by your ISP. While every effort has been - made to make this document as informative and correct as possible, - you are welcome to mail your comments/suggestions to the - marcs@draenor.org. + This document covers the process that is required to setup + firewalling with FreeBSD when an IP address is assigned dynamically + by your ISP. While every effort has been made to make this document + as informative and correct as possible, you are welcome to mail your + comments/suggestions to the marcs@draenor.org. Kernel Options - The first thing you'll need to do is recompile your kernel in - FreeBSD. If you need more information on how to recompile the kernel, + The first thing you'll need to do is recompile your kernel. + If you need more information on how to recompile the kernel, then the best place to start is the kernel - configuration section in the Handbook. You need to compile the - following options into the kernel: + configuration section in the Handbook. You need to add the + following options into your kernel config: @@ -80,7 +79,7 @@ Limits the number of times a matching entry is logged. This - stops your log files filling up with lots of repetitive entries. + prevents your log file from filling up with lots of repetitive entries. 100 is a reasonable number to use, but you can adjust it based on your requirements. @@ -96,7 +95,7 @@ - There are also some other OPTIONAL items that you can compile + There are some other OPTIONAL items that you can compile into the kernel for some added security. These are not required in order to get firewalling to work, but some more paranoid users may want to use them. 
@@ -115,8 +114,8 @@ - Don't reboot once you have recompiled the kernel. Hopefully, we will - need to reboot just once in order to complete the installing of the + Don't reboot once you have recompiled the kernel. Hopefully, + we will only need to reboot once to complete the installation of the firewall. @@ -126,7 +125,7 @@ We now need to make some changes to /etc/rc.conf in order to tell it about the - firewall. Simply add the following lines: + firewall. Simply add the following lines: firewall_enable="YES" firewall_script="/etc/firewall/fwrules" @@ -134,8 +133,8 @@ natd_interface="tun0" natd_flags="-dynamic" - For more information on what the above do take a look at - /etc/defaults/rc.conf and read + For more information on the functions of these statements take + a look at /etc/defaults/rc.conf and read &man.rc.conf.5; @@ -143,11 +142,11 @@ Disable PPP's network address translation You may already be using PPP's built in network address - translation (NAT). If that is the case you will have to disable it, - as these examples use &man.natd.8; to do the same. + translation (NAT). If that is the case then you will have to disable + it, as these examples use &man.natd.8; to do the same. If you already have a block of entries to - automatically start PPP it probably looks like this: + automatically start PPP, it probably looks like this: ppp_enable="YES" ppp_mode="auto" 
@@ -163,26 +162,26 @@ The ruleset for the firewall - We're nearly done now. All that remains now is to define the + We're nearly done now. All that remains now is to define the firewall rules and then we can reboot and the firewall should be up and - running. I realize that everyone will want something slightly different - when it comes to their rulebase. What I've tried to do is write a - rulebase that suits most dialup users. You can obviously modify it to - your needs by simply using the following rules as the foundation for + running. I realize that everyone will want something slightly different + when it comes to their rulebase. What I've tried to do is write a + rulebase that suits most dialup users. You can obviously modify it to + your needs by using the following rules as the foundation for your own rulebase. First, let's start with the basics of closed - firewalling. What you want to do is deny everything by default and then - only open up for the things you really need. Rules should be in the - order of allow first and then deny. The premise is that you add the - rules for your allows, and then everything else is denied. :) + firewalling. What you want to do is deny everything by default and then + only open up for the things you really need. Rules should be in the + order of allow first and then deny. The premise is that you add the + rules for your allows, and then everything else is denied. :) Now, let's make the dir /etc/firewall. Change into the directory and edit the file fwrules as we specified in - rc.conf. Please note that you can change this - filename to be anything you wish. This guide just gives an example of a + rc.conf. Please note that you can change this + filename to anything you wish. This guide just gives an example of a filename. - Now, let's look at a sample firewall file, and we'll detail - everything in it. + Now, let's look at a sample firewall file, that is commented nicely. 
+ # Firewall rules # Written by Marc Silver (marcs@draenor.org)
>Release-Note:
>Audit-Trail:
>Unformatted:
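
Review bot: in the @@ -39,23 +39,22 @@ hunk, the rewritten opening sentence still has "required to setup firewalling", where "setup" is used as a verb and should be "set up", and the last added line of that paragraph keeps the stray article in "to the marcs@draenor.org". Both are worth fixing while the paragraph is being rewritten. In the Kernel Options paragraph, "add the following options into your kernel config" reads better as "add the following options to your kernel configuration file", and the "compile into the kernel" wording kept in the @@ -96,7 +95,7 @@ hunk should then be made to agree with it.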
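
Review bot: in the @@ -126,7 +125,7 @@ hunk, the removed and added lines ("firewall. Simply add the following lines:") read the same, so as far as these lines show the change is whitespace only. Drop it, or send whitespace changes as a separate patch so the wording changes are easier to review.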
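
Review bot: in the @@ -134,8 +133,8 @@ hunk, "the functions of these statements" is less accurate than the sentence it replaces, because the lines it refers to (natd_interface="tun0", natd_flags="-dynamic" and the firewall_* lines above them) are rc.conf variables, not statements. Suggest "For more information on what these variables do, take a look at /etc/defaults/rc.conf", which also supplies the comma the new sentence is missing before "take".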
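
Review bot: in the @@ -143,11 +142,11 @@ hunk, the added "then" in "If that is the case then you will have to disable it" needs a comma before it, or can be left out as in the original line. The unchanged first line of the same paragraph, "PPP's built in network address translation", should read "built-in", and since the patch is about punctuation it would be reasonable to fix it here too.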
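
Review bot: at the end of the @@ -163,26 +162,26 @@ hunk, "a sample firewall file, that is commented nicely" replaces the promise to "detail everything in it". A reader building a deny-by-default ruleset from this article needs every rule explained, so either confirm that the comments in the sample file cover each rule or keep the original sentence. If the new wording stays, remove the comma before "that", or use "a sample firewall file with comments explaining each rule". Several other changed lines in this hunk, for example "We're nearly done now. All that remains now is to define the", read the same before and after and look like whitespace-only changes that belong in a separate patch.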