From owner-svn-doc-head@FreeBSD.ORG Fri Feb 14 01:35:03 2014 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8673DA96; Fri, 14 Feb 2014 01:35:03 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 64EC11AB7; Fri, 14 Feb 2014 01:35:03 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s1E1Z3cI065314; Fri, 14 Feb 2014 01:35:03 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s1E1Z33n065313; Fri, 14 Feb 2014 01:35:03 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201402140135.s1E1Z33n065313@svn.freebsd.org> From: Dru Lavigne Date: Fri, 14 Feb 2014 01:35:03 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r43917 - head/en_US.ISO8859-1/books/handbook/firewalls X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Feb 2014 01:35:03 -0000 Author: dru Date: Fri Feb 14 01:35:02 2014 New Revision: 43917 URL: http://svnweb.freebsd.org/changeset/doc/43917 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Fri Feb 14 01:30:43 2014 (r43916) +++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Fri Feb 14 01:35:02 2014 (r43917) @@ -215,8 +215,8 @@ integrated part of the base system. PF is a complete, full-featured firewall that has optional support for - ALTQ (Alternate Queuing), which provides - Quality of Service (QoS). + ALTQ (Alternate Queuing), which + provides Quality of Service (QoS). Since the OpenBSD Project maintains the definitive reference for PF in the Enabling <application>PF</application> - In order to use PF, its kernel module must be first - loaded. This section describes the entries that can be added - to /etc/rc.conf in order to enable - PF. + In order to use PF, its kernel + module must be first loaded. This section describes the + entries that can be added to /etc/rc.conf + in order to enable PF. Start by adding the following line to /etc/rc.conf: pf_enable="YES" - Additional options, described in &man.pfctl.8;, can be passed to - PF when it is started. Add this entry to - /etc/rc.conf and specify any - required flags between the two quotes (""): - + Additional options, described in &man.pfctl.8;, can be + passed to PF when it is started. + Add this entry to /etc/rc.conf and + specify any required flags between the two quotes + (""): + pf_flags="" # additional flags for pfctl startup - PF will not start if it cannot find its - ruleset configuration file. The default ruleset is already created and is named + PF will not start if it cannot + find its ruleset configuration file. The default ruleset is + already created and is named /etc/pf.conf. If a custom ruleset has been saved somewhere else, add a line to /etc/rc.conf which specifies the full @@ -261,29 +263,33 @@ The sample pf.conf can be found in /usr/share/examples/pf/. The rest of - this chapter demonstrates how to create a custom ruleset. - - Logging support for PF is provided by - &man.pflog.4;. To enable logging support, add this - line to /etc/rc.conf: + this chapter demonstrates how to create a custom + ruleset. + + Logging support for PF is + provided by &man.pflog.4;. To enable logging support, add + this line to /etc/rc.conf: pflog_enable="YES" The following lines can also be added in order to change the default location of the log file or to specify any - additional flags to pass to &man.pflog.4; when it is started: + additional flags to pass to &man.pflog.4; when it is + started: pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_flags="" # additional flags for pflogd startup - Finally, if there is a LAN behind the firewall and packets need to - be forwarded for the computers on the LAN, or NAT is required, - add the following option: + Finally, if there is a LAN behind the + firewall and packets need to be forwarded for the computers on + the LAN, or NAT is + required, add the following option: gateway_enable="YES" # Enable as LAN gateway After saving the needed edits, - PF can be started with logging support by typing: + PF can be started with logging + support by typing: &prompt.root; service pf start &prompt.root; service pflog start