Date: Sun, 23 Jan 2005 02:21:04 -0700 (MST)
From: Brad Davis <so14k@so14k.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: docs/76600: More punctuation and spacing changes for the firewall chapter.
Message-ID: <20050123092104.B5E8CEB2@mccaffrey.house.so14k.com>
Resent-Message-ID: <200501230930.j0N9UP62021886@freefall.freebsd.org>
>Number: 76600 >Category: docs >Synopsis: More punctuation and spacing changes for the firewall chapter. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Jan 23 09:30:25 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Brad Davis >Release: FreeBSD 4.10-STABLE i386 >Organization: >Environment: System: FreeBSD mccaffrey.house.so14k.com 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri May 28 08:02:41 MDT 2004 root@mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/MCCAFFREY i386 >Description: More punctuation and spacing changes for the firewall chapter. Note that the spacing changes are for the website so that we don't have spaces before periods. >How-To-Repeat: >Fix: --- doc-ori/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Fri Jan 21 11:05:20 2005 +++ doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sun Jan 23 02:14:32 2005 @@ -365,7 +365,7 @@ <para>Sample kernel config IPF option statements are in the <filename>/usr/src/sys/conf/NOTES</filename> kernel source (<filename>/usr/src/sys/<replaceable>arch</replaceable>/conf/LINT</filename> - for &os; 4.X) and are reproduced here.</para> + for &os; 4.X) and are reproduced here:</para> <programlisting>options IPFILTER options IPFILTER_LOG @@ -401,7 +401,7 @@ # n = map IP & port to names</programlisting> <para>If you have a LAN behind this firewall that uses the reserved private IP address ranges, then you need to add the - following to enable <acronym>NAT</acronym> functionality.</para> + following to enable <acronym>NAT</acronym> functionality:</para> <programlisting>gateway_enable="YES" # Enable as Lan gateway ipnat_enable="YES" # Start ipnat function 
@@ -414,7 +414,7 @@ <para>The ipf command is used to load your rules file. Normally you create a file containing your custom rules and use this command to replace in mass the currently running firewall - internal rules.</para> + internal rules:</para> <programlisting><command>ipf -Fa -f /etc/ipf.rules</command></programlisting> @@ -531,7 +531,7 @@ rotate system logs. That is why outputting the log information to syslogd is better than the default of outputting to a regular file. In the default <filename>rc.conf</filename> file you see the - ipmon_flags statement uses the <option>-Ds</option> flags</para> + ipmon_flags statement uses the <option>-Ds</option> flags:</para> <programlisting>ipmon_flags="-Ds" # D = start as daemon # s = log to syslog @@ -564,7 +564,7 @@ and <quote>level.</quote> IPMON in <option>-Ds</option> mode uses <literal>local0</literal> as the <quote>facility</quote> name. All IPMON logged data goes to <literal>local0</literal>. The following levels can be used to further segregate - the logged data if desired.</para> + the logged data if desired:</para> <screen>LOG_INFO - packets logged using the "log" keyword as the action rather than pass or block. LOG_NOTICE - packets logged which are also passed @@ -583,8 +583,7 @@ considerable flexibility in how syslog will deal with system messages issued by software applications like IPF.</para> - <para>Add the following statement to <filename>/etc/syslog.conf - </filename>:</para> + <para>Add the following statement to <filename>/etc/syslog.conf</filename></para> <programlisting>local0.* /var/log/ipfilter.log</programlisting> 
@@ -751,8 +750,8 @@ <para>Add a script like the following to your <filename> /usr/local/etc/rc.d/</filename> startup directory. The script - should have an obvious name like <filename>loadipfrules.sh - </filename>. The <filename>.sh</filename> extension is mandatory.</para> + should have an obvious name like <filename>loadipfrules.sh</filename>. + The <filename>.sh</filename> extension is mandatory.</para> <programlisting>#!/bin/sh sh /etc/ipf.rules.script</programlisting> @@ -982,7 +981,7 @@ <para>There is no way to match ranges of IP addresses which do not express themselves easily as mask-length. See this web page for help on writing mask-length: - <ulink url="http://jodies.de/ipcalc"></ulink></para> + <ulink url="http://jodies.de/ipcalc"></ulink>.</para> </sect3> <sect3> @@ -1174,8 +1173,7 @@ <para>Check out this link for port numbers used by Trojans <ulink - url="http://www.simovits.com/trojans/trojans.html"></ulink> - </para> + url="http://www.simovits.com/trojans/trojans.html"></ulink>.</para> <para>The following rule set is a complete very secure 'inclusive' type of firewall rule set that I have used on my @@ -1404,7 +1402,7 @@ <acronym>NAT</acronym>ed private LAN IP address. According to RFC 1918, you can use the following IP ranges for private nets which will never be routed directly to the public - Internet.</para> + Internet:</para> <informaltable frame="none" pgwide="1"> <tgroup cols="2"> @@ -1579,7 +1577,7 @@ IP<acronym>NAT</acronym> to only use source ports in a range. For example the following rule will tell IP<acronym>NAT</acronym> to modify the source port to be - within that range.</para> + within that range:</para> <programlisting>map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp 20000:60000</programlisting> 
@@ -1628,13 +1626,13 @@ <programlisting>map dc0 20.20.20.5/32 port 80 -> 10.0.10.25 port 80</programlisting> - <para>or</para> + <para>Or:</para> <programlisting>map dc0 0/32 port 80 -> 10.0.10.25 port 80</programlisting> - <para>or for a LAN DNS Server on LAN address of <hostid + <para>Or for a LAN DNS Server on LAN address of <hostid role="ipaddr">10.0.10.33</hostid> that needs to receive - public DNS requests</para> + public DNS requests:</para> <programlisting>map dc0 20.20.20.5/32 port 53 -> 10.0.10.33 port 53 udp</programlisting> </sect2> >Release-Note: >Audit-Trail: >Unformatted:
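Review bot: "replace in mass" in the context lines of the -414,7 hunk should read "replace en masse", and "The ipf command" in the same paragraph is plain text while the listing that follows wraps the command in <command>. Since this pass already touches the paragraph, fix the wording and mark it up as <command>ipf</command>.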
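Review bot: the added line in the -583,8 hunk drops the colon that the removed lines had after </filename>, so the sentence now runs into the <programlisting> with no punctuation at all, the opposite of what the other hunks in this patch do. Keep the colon when joining the lines: <filename>/etc/syslog.conf</filename>:</para>.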
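Review bot: the -751,8 hunk closes up the whitespace inside <filename>loadipfrules.sh</filename> but leaves the same defect in the context line just above it, where the opening <filename> tag is followed by whitespace before /usr/local/etc/rc.d/. That renders with a stray space in front of the path, so write it as <filename>/usr/local/etc/rc.d/</filename> in this hunk as well.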
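Review bot: "port numbers used by Trojans" in the -1174,8 hunk still runs straight into the <ulink> with no punctuation, while the -982,7 hunk introduces its link with "mask-length:". Add a colon after "Trojans" so the two link sentences read the same way now that both end in a period.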
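Review bot: the example rule in the context of the -1579,7 hunk reads "-> 0.32", whereas the rule in the -1628,13 hunk writes the same address form as "0/32". This looks like a typo for "0/32" and is worth correcting in the same pass, since the paragraph now ends in a colon that points the reader directly at that listing.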
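Review bot: the second added paragraph in the -1628,13 hunk, "Or for a LAN DNS Server on LAN address of ...", is now a capitalised fragment that repeats "LAN" and has no comma after "Or". Suggest "Or, for a LAN DNS server at <hostid role="ipaddr">10.0.10.33</hostid> that needs to receive public DNS requests:" to go with the new "Or:" paragraph above it.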