From nobody Sat Apr 25 10:53:16 2026 X-Original-To: freebsd-doc@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4g2ms458GWz6bH8p for ; Sat, 25 Apr 2026 10:53:28 +0000 (UTC) (envelope-from carlavilla@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4g2ms44FDrz41QM for ; Sat, 25 Apr 2026 10:53:28 +0000 (UTC) (envelope-from carlavilla@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777114408; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=3WudnBc1Xf+pq9AjYnCttvYT8L4X0dW8SVbVReghdnU=; b=PcEEkipr2GXSed5zQoimI3/VkN4amawbhVsR2PVFIuvK7AZ24Wopk8KnHYGLWQS/amsBGC TWvDF8J0p0dQJ+kpswaXKgjWO7cEfqkLWP0eTe2RVHAovK7n6v7elyGI8JXIP/FurpjT1e ya+kzHzJZDYjPDXf2d9RClWOq4SrZOFxUp4hALfEU+0avvP5WAjD7PwP1AmOMXdChodHIV VQf7Y2As+SJxD19eMdgdXuNqEIlkOWynZvNEMiPN0Pdgoy54EAehE2ptPjaeJ0iom8phnC R2AC8cx/wiOM9+asy0q1bMSEzUbgWv54KRupyQDL/PqoRAlZ8ex62YOqYP+h2w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1777114408; a=rsa-sha256; cv=none; b=ZaXvlaCds0fxVjMHhA+zwltxSigy5O9vb0PPbvQX6+jK7v4+0cNwxCHtePQ/tksfA5J1e8 xlsuWACUltl/jKFRw6EPiU7J00wOhrf0CVM+LBAyeZVb0aEbaZt0Q8pEMbN3hAKFdFx84e nvaM6W3coxgRe1GTTLQX3WwSa30kBHjqUXhjZPy98JDd+QY9aZ9FIXy3Ytk3nHNnoTUlZf Ld66lQP44CSE1czMX6djwpx59qYLEwnl945XpburTMTjuK7H/wlJC4UDPvBxToPgftd5Tb 2aUJTkBvzV97E9rjvrQqZW1qA+qB95Qw4dVnHmrWih0ta3j4k8qSIzXqJ8wRPQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1777114408; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=3WudnBc1Xf+pq9AjYnCttvYT8L4X0dW8SVbVReghdnU=; b=HbkrNy6hubQ8iRUaN5x0UzsWvhetE7awx2lwYHmgOB0Ko2JzB5VNelkTP3YakGjnRrOHd0 Gg6jgojGq0RwRiY54XhUOItFTMFMPmtDy5I4nfcCen6ooF278l7/YDUiRLyWAU159P/X28 T8tDkYYUK7iGlpJS4jbP+y3h0KDES2yXm1zlKsJFC3Vf8HnvzZqBS+U/FyTveCfcNOLRbG 3TaRgWPsU71d2+JsTDw/E5Gc6J+QiTLrf1/VYH+1GIjrc8WYJWfXFg2TNsXbm636Rl4UXR cwK4YiEZkMUCs+JXBIxmM/B3AuprNbxfwdVIj2AlJl+1YPnI2ypOChrC8y5AEA== Received: from mail-qv1-f47.google.com (mail-qv1-f47.google.com [209.85.219.47]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) (Authenticated sender: carlavilla) by smtp.freebsd.org (Postfix) with ESMTPSA id 4g2ms43p7xzv0b for ; Sat, 25 Apr 2026 10:53:28 +0000 (UTC) (envelope-from carlavilla@freebsd.org) Received: by mail-qv1-f47.google.com with SMTP id 6a1803df08f44-8acb09ddbf6so123382206d6.2 for ; Sat, 25 Apr 2026 03:53:28 -0700 (PDT) X-Gm-Message-State: AOJu0YxUWidKA1vrZQmxHJHlAZpq1FuM0OR3jXVuF1wEXgpso4CwDkP+ dUycSFriBzk4uiMjhPOIy4SrVuQ0xIoqAIXO28OA7rKEnAbLyIojOjSnSRJiAXgUF/LpeLkvKCD DPPUfh2+1dwEJPsKNrAxr8TcWX9AiNaY= X-Received: by 2002:a05:6214:21a3:b0:8b1:f8fe:506c with SMTP id 6a1803df08f44-8b1f8fe53f8mr287408326d6.38.1777114407859; Sat, 25 Apr 2026 03:53:27 -0700 (PDT) List-Id: Documentation project List-Archive: https://lists.freebsd.org/archives/freebsd-doc List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-doc@FreeBSD.org MIME-Version: 1.0 References: <3407444.aeNJFYEL58@debianlenovo> In-Reply-To: <3407444.aeNJFYEL58@debianlenovo> From: Sergio Carlavilla Date: Sat, 25 Apr 2026 12:53:16 +0200 X-Gmail-Original-Message-ID: X-Gm-Features: AQROBzAGRsRD_BjtmF0_dID3jz3oGmfpSL8bM80s6T8vsK5gCtM2FWg43ZSoQEM Message-ID: Subject: Re: Suggestion for Chapter 33 (firewalls) in FreeBSD handbook To: MP Cc: freebsd-doc@freebsd.org Content-Type: text/plain; charset="UTF-8" On Thu, 23 Apr 2026 at 01:36, MP wrote: > > I think that the "if firewall_type...configuration of the system" line in > Chapter 33 of the Handbook under IPFW is confusing because it makes it seem > like only the "client" or "simple" IPFW presets can be modified by the rules > specified in /etc/rc.firewall. There is nothing mentioning that, for example, > inbound ssh connections can be allowed on the workstation preset by using > firewall_myservices and firewall_allowservices. Furthermore, there is nothing > that I could easily find in the handbook or in /etc/rc.firewall that indicates > that the modifications to the default rules should be added to /etc/rc.conf to > persist across reboots. > > I think that there should be something in the handbook that says something > like "configuring something like allowing inbound ssh connections to the > workstation preset can be done by adding 'firewall_myservices="ssh"' and > 'firewall_allowservices="any"' as found in /etc/rc.firewall to /etc/rc.conf" > would be helpful. Or there at least could be something indicating that all > presets can be modified by adding rules found in /etc/rc.firewall to /etc/ > rc.conf. > > > Hi, Thank you so much for the suggestion. I plan to run another Handbook Working Group after we finish with the new design for the website. If you want, I can also add you to the Working Group. Bye!