Date: Mon, 6 Dec 2004 02:50:08 GMT
Message-Id: <200412060250.iB62o8h3040950@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Len Zettel
Subject: Re: docs/74720: [patch] Handbook: More corrections to the firewall chapter

The following reply was made to PR docs/74720; it has been noted by GNATS.

From: Len Zettel
To: freebsd-doc@freebsd.org, Joel Dahl
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/74720: [patch] Handbook: More corrections to the firewall chapter
Date: Sun, 5 Dec 2004 21:43:07 +0000

On Sunday 05 December 2004 02:31 pm, Joel Dahl wrote:
> >Number: 74720
> >Category: docs
> >Synopsis: [patch] Handbook: More corrections to the firewall chapter
> >Confidential: no
> >Severity: non-critical
> >Priority: low
> >Responsible: freebsd-doc
> >State: open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: doc-bug
> >Submitter-Id: current-users
> >Arrival-Date: Sun Dec 05 14:40:22 GMT 2004
> >Closed-Date:
> >Last-Modified:
> >Originator: Joel Dahl
> >Release: FreeBSD 5.3-STABLE i386
> >Organization:
> >Environment:
>
> System: FreeBSD dude.automatvapen.se 5.3-STABLE FreeBSD 5.3-STABLE #1: Sat
> Nov 13 19:50:36 CET 2004 joel@dude.automatvapen.se:/usr/obj/usr/src/sys/WRK
> i386
>
> >Description:
>
> - Remove contractions.
> - Use the serial comma.
> - Correct spelling.
>
> This chapter still requires a lot of work.
>
> >How-To-Repeat:
>
>
> >Fix:
>
> --- firewall2.diff begins here --- > Index: chapter.sgml > =================================================================== So while you were at it, why not go a little further---- > RCS file: > /home/ncvs/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v > retrieving revision 1.1 > diff -u -r1.1 chapter.sgml > --- chapter.sgml 5 Dec 2004 00:14:21 -0000 1.1 > +++ chapter.sgml 5 Dec 2004 13:46:13 -0000
> @@ -39,11 +39,11 @@ > network connections and either allows the traffic through or > blocks it. The rules of the firewall can inspect one or more > characteristics of the packets, including but not limited to the > - protocol type, the source or destination host address and the > + protocol type, the source or destination host address, and the > source or destination port. > > Firewalls greatly enhance the security of your network, your > - applications and services. They can be used to do one of more of > + applications and services. They can be used to do one or more of > the following things: the following: > > > @@ -197,7 +197,7 @@ > The author prefers IPFILTER because its stateful rules are > much less complicated to use in a NAT > environment and it has a built in ftp proxy that simplifies the environment and its built in ftp proxy simplifies the > - rules to allow secure outbound FTP usage. If is also more + rules necessary for secure outbound FTP usage. It is also more > appropriate to the knowledge level of the inexperienced firewall attuned to the knowledge level of the inexperienced firewall > user. > > @@ -566,7 +566,7 @@ > log and adds the log keyword to those rules. Normally only > deny rules are logged. > > - Its very customary to include a default deny everything > + It is very customary to include a default deny everything + It is customary to include a default "deny everything" > rule with the log keyword included as your last rule in the rule containing the log keyword as your last rule in the > rule set. This way you get to see all the packets that did not rule set. You can then see all the packets that did not > match any of the rules in the rule set. 
> @@ -749,8 +749,8 @@ > That is all there is to it. The rules are not important in > this example, how the Symbolic substitution field are populated this example; how the Symbolic substitution fields are populated > and used are. If the above example was in /etc/ipf.rules.script and used is. If the above example were in /etc/ipf.rules.script > - file, you could reload these rules by entering on the command > - line. > + file, you could reload these rules by entering this on the > command + line: > > sh /etc/ipf.rules.script > > @@ -948,7 +948,7 @@ > SELECTION > The keywords described in this section are used to > describe attributes of the packet to be interrogated when > - determining whether rules match or don't match. There is a > + determining whether rules match or not. There is a + determining whether rules match. There is a > keyword subject, and it has sub-option keywords, one of > which has to be selected. The following general-purpose which must be selected. The following general-purpose > attributes are provided for matching, and must be used in > @@ -1842,7 +1842,7 @@ > options IPV6FIREWALL_DEFAULT_TO_ACCEPT > > These options are exactly the same as the IPv4 options but > - they are for IPv6. If you don't use IPv6 you might want to use > + they are for IPv6. If you do not use IPv6 you might want to use > IPV6FIREWALL without any rules to block all IPv6 > > options IPDIVERT > @@ -1851,7 +1851,7 @@ > functionality. > > > - If you don't include IPFIREWALL_DEFAULT_TO_ACCEPT or set > + If you do not include IPFIREWALL_DEFAULT_TO_ACCEPT or set > your rules to allow incoming packets you will block all > packets going to and from this machine. 
> > @@ -2066,7 +2066,7 @@ > > The keywords described in this section are used to > describe attributes of the packet to be interrogated when > - determining whether rules match or don't match the packet. > + determining whether rules match the packet or not. + determining whether rules match the packet. > The following general-purpose attributes are provided for > matching, and must be used in this order: > > @@ -2276,7 +2276,7 @@ > > > The /etc/ipfw.rules file could be > - located any where you want and the file could be named any > + located anywhere you want and the file could be named any > thing you would like. in a name and location of your choice. > > The same thing could also be accomplished by running > --- firewall2.diff ends here --- > > >Release-Note: > >Audit-Trail: > >Unformatted: > > _______________________________________________ > freebsd-doc@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-doc > To unsubscribe, send any mail to "freebsd-doc-unsubscribe@freebsd.org"
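
Review bot: In the @@ -39,11 +39,11 @@ hunk the context sentence "Firewalls greatly enhance the security of your network, your applications and services" still lacks the serial comma that the first + line introduces for "host address, and the". Since the PR description lists "Use the serial comma", extend the hunk to change it to "your network, your applications, and services" so the two adjacent paragraphs follow the same rule.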
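
Review bot: "built in ftp proxy" in the @@ -197,7 +197,7 @@ hunk is left unchanged by both the quoted context line and the unquoted replacement line. It should read "built-in FTP proxy", which also matches the capitalised "FTP" in "secure outbound FTP usage" on the following line of the same hunk.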
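
Review bot: The sentence "If the above example was in /etc/ipf.rules.script file" in the @@ -749,8 +749,8 @@ hunk is still missing an article after the change. Either write "in the /etc/ipf.rules.script file" or drop the word "file" from the first + line. The context line "how the Symbolic substitution field are populated and used are" has a number mismatch that the + lines do not touch, so the hunk should be widened to cover it, as the interleaved reply suggests.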
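
Review bot: "use IPV6FIREWALL without any rules to block all IPv6" in the @@ -1842,7 +1842,7 @@ hunk only holds when the kernel is built without IPV6FIREWALL_DEFAULT_TO_ACCEPT, the option shown directly above it in the context; with that option an empty rule set passes IPv6 traffic. The + line should state the condition, for example "use IPV6FIREWALL, without IPV6FIREWALL_DEFAULT_TO_ACCEPT and without any rules, to block all IPv6", and it needs a comma after the introductory clause "If you do not use IPv6".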
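
Review bot: The + line in the @@ -1851,7 +1851,7 @@ hunk keeps a mismatch between the condition and the consequence: the condition mentions only rules that "allow incoming packets", while the consequence is that "you will block all packets going to and from this machine". Suggest "or set your rules to allow the packets you need, you will block all packets going to and from this machine", with the comma before "you will" that the current text lacks.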
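
Review bot: The parallel sentences in the @@ -948,7 +948,7 @@ and @@ -2066,7 +2066,7 @@ hunks end up with different wording: the first + line reads "determining whether rules match or not." and the second reads "determining whether rules match the packet or not." Pick one form for both sections; "determining whether rules match the packet" keeps the object and drops the redundant "or not".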
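
Review bot: "any thing" is still split in the @@ -2276,7 +2276,7 @@ hunk: the + line ends with "the file could be named any" and the following context line begins with "thing you would like", so the same error that the change fixes for "any where" remains one line later. Extend the hunk to cover that line and write "anything", or reword the sentence as the interleaved reply proposes.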