Site Navigation

Date:      Sun, 24 Feb 2008 13:33:40 GMT
From:      Gabor Pali <pgj@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 136080 for review
Message-ID:  <200802241333.m1ODXehp043776@repoman.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

http://perforce.freebsd.org/chv.cgi?CH=136080

Change 136080 by pgj@disznohal on 2008/02/24 13:32:54

	Add initial Hungarian translation of Chapter 28: Firewalls.

Affected files ...

.. //depot/projects/docproj_hu/books/handbook/firewalls/chapter.sgml#4 edit

Differences ...

==== //depot/projects/docproj_hu/books/handbook/firewalls/chapter.sgml#4 (text+ko) ====

@@ -4,581 +4,790 @@
      $FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.80 2008/01/17 17:50:30 remko Exp $
 -->
 
-<chapter id="firewalls">
+<!-- The FreeBSD Hungarian Documentation Project
+     Translated by: PALI, Gabor <pgj@FreeBSD.org>
+     Original Revision: 1.80                      -->
+
+<chapter id="firewalls" lang="hu">
   <chapterinfo>
     <authorgroup>
       <author>
 	<firstname>Joseph J.</firstname>
 	<surname>Barbish</surname>
-	<contrib>Contributed by </contrib>
+	<contrib>&Iacute;rta: </contrib>
       </author>
     </authorgroup>
     <authorgroup>
       <author>
 	<firstname>Brad</firstname>
 	<surname>Davis</surname>
-	<contrib>Converted to SGML and updated by </contrib>
+	<contrib>SGML form&aacute;tumra alak&iacute;totta &eacute;s
+	  aktualiz&aacute;lta: </contrib>
       </author>
     </authorgroup>
   </chapterinfo>
 
-  <title>Firewalls</title>
+  <title>T&#251;zfalak</title>
 
-  <indexterm><primary>firewall</primary></indexterm>
+  <indexterm><primary>t&#251;zfalak</primary></indexterm>
 
   <indexterm>
-    <primary>security</primary>
-
-    <secondary>firewalls</secondary>
+    <primary>biztons&aacute;g</primary>
+    <secondary>t&#251;zfalak</secondary>
   </indexterm>
 
   <sect1 id="firewalls-intro">
-    <title>Introduction</title>
+    <title>Bevezet&eacute;s</title>
 
-    <para>Firewalls make it possible to filter
-      incoming and outgoing traffic that flows through your system.
-      A firewall can use one or more sets of <quote>rules</quote> to
-      inspect the network packets as they come in or go out of your
-      network connections and either allows the traffic through or
-      blocks it.  The rules of a firewall can inspect one or more
-      characteristics of the packets, including but not limited to the
-      protocol type, the source or destination host address, and the
-      source or destination port.</para>
+    <para>A t&#251;zfalakkal a rendszer&uuml;nk&ouml;n
+      kereszt&uuml;lfoly&oacute; bej&ouml;v&#245; &eacute;s kimen&#245;
+      forgalmat tudjuk sz&#251;rni.  A t&#251;zfalak egy vagy t&ouml;bb
+      <quote>szab&aacute;lyrendszer</quote> alapj&aacute;n
+      vizsg&aacute;lj&aacute;k az &eacute;ppen &eacute;rkez&#245; vagy
+      t&aacute;voz&oacute; h&aacute;l&oacute;zati csomagokat, &eacute;s
+      vagy tov&aacute;bbengedik ezeket vagy
+      meg&aacute;ll&iacute;tj&aacute;k.  A t&#251;zfalak
+      szab&aacute;lyai a csomagok egy vagy t&ouml;bb
+      jellemz&#245;j&eacute;t veszik szem&uuml;gyre, amik lehetnek
+      mondjuk a protokoll t&iacute;pusa, a forr&aacute;s vagy c&eacute;l
+      h&aacute;l&oacute;zati c&iacute;me, esetleg a forr&aacute;s- vagy
+      a c&eacute;lport.</para>
 
-    <para>Firewalls can greatly enhance the security of a host or a
-      network.  They can be used to do one or more of
-      the following things:</para>
+    <para>A t&#251;zfalak jelent&#245;s m&eacute;rt&eacute;kben
+      k&eacute;pesek gyarap&iacute;tani egy g&eacute;p vagy egy
+      h&aacute;l&oacute;zat v&eacute;delm&eacute;t.  Legink&aacute;bb a
+      k&ouml;vetkez&#245;kre tudjuk felhaszn&aacute;lni ezeket:</para>
 
     <itemizedlist>
       <listitem>
-	<para>To protect and insulate the applications, services and
-	  machines of your internal network from unwanted traffic
-	  coming in from the public Internet.</para>
+	<para>a bels&#245; h&aacute;l&oacute;zatunkban fut&oacute;
+	  alkalmaz&aacute;sok, szolg&aacute;ltat&aacute;sok, g&eacute;pek
+	  megv&eacute;d&eacute;s&eacute;re &eacute;s
+	  elszigetel&eacute;s&eacute;re az internetr&#245;l
+	  &eacute;rkez&#245; nem k&iacute;v&aacute;nt forgalom
+	  ellen</para>
       </listitem>
 
       <listitem>
-	<para>To limit or disable access from hosts of the internal
-	  network to services of the public Internet.</para>
+	<para>a bels&#245; h&aacute;l&oacute;zatban lev&#245;
+	  g&eacute;pek el&eacute;r&eacute;s&eacute;t tudjuk
+	  korl&aacute;tozni vagy letiltani az interneten
+	  el&eacute;rhet&#245; szolg&aacute;ltat&aacute;sok
+	  fel&eacute;</para>
       </listitem>
 
       <listitem>
-	<para>To support network address translation
-	  (<acronym>NAT</acronym>), which allows your internal network
-	  to use private <acronym>IP</acronym> addresses and share a
-	  single connection to the public Internet (either with a
-	  single <acronym>IP</acronym> address or by a shared pool of
-	  automatically assigned public addresses).</para>
+	<para>a h&aacute;l&oacute;zati c&iacute;mford&iacute;t&aacute;s
+	  (Network Address Translation, <acronym>NAT</acronym>)
+	  be&aacute;ll&iacute;t&aacute;s&aacute;hoz, ahol a bels&#245;
+	  h&aacute;l&oacute;zatunk priv&aacute;t
+	  <acronym>IP</acronym>-c&iacute;meket haszn&aacute;lnak
+	  &eacute;s egy k&ouml;z&ouml;s kapcsolaton kereszt&uuml;l
+	  &eacute;rik el az internetet (vagy egyetlen
+	  <acronym>IP</acronym>-c&iacute;m, vagy pedig automatikusan
+	  kiosztott publikus c&iacute;mekkel).</para>
       </listitem>
     </itemizedlist>
 
-    <para>After reading this chapter, you will know:</para>
+    <para>A fejezet elolvas&aacute;sa sor&aacute;n
+      megismerj&uuml;k:</para>
 
     <itemizedlist>
       <listitem>
-	<para>How to properly define packet filtering rules.</para>
+	<para>hogyan adjuk meg helyesen a csomagok
+	  sz&#251;r&eacute;s&eacute;t le&iacute;r&oacute;
+	  szab&aacute;lyokat</para>
       </listitem>
 
       <listitem>
-	<para>The differences between the firewalls
-	  built into &os;.</para>
+	<para>a &os;-be &eacute;p&iacute;tett t&#251;zfalak k&ouml;zti
+	  k&uuml;l&ouml;nbs&eacute;geket</para>
       </listitem>
 
       <listitem>
-	<para>How to use and configure the OpenBSD
-	  <application>PF</application> firewall.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be &eacute;s
+	  haszn&aacute;ljuk az OpenBSD <application>PF</application>
+	  t&#251;zfal&aacute;t</para>
       </listitem>
 
       <listitem>
-	<para>How to use and configure
-	  <application>IPFILTER</application>.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be &eacute;s
+	  haszn&aacute;ljuk az <application>IPFILTER</application>
+	  t&#251;zfalat</para>
       </listitem>
 
       <listitem>
-	<para>How to use and configure
-	  <application>IPFW</application>.</para>
+	<para>hogyan &aacute;ll&iacute;tsuk be &eacute;s
+	  haszn&aacute;ljuk az <application>IPFW</application>
+	  t&#251;zfalat</para>
       </listitem>
     </itemizedlist>
 
-    <para>Before reading this chapter, you should:</para>
+    <para>A fejezet elolvas&aacute;sa el&#245;tt aj&aacute;nlott:</para>
 
     <itemizedlist>
       <listitem>
-	<para>Understand basic &os; and Internet concepts.</para>
+	<para>a &os;-hez &eacute;s az internethez k&ouml;t&#245;d&#245;
+	  alapvet&#245; fogalmak ismerete</para>
       </listitem>
     </itemizedlist>
   </sect1>
 
   <sect1 id="firewalls-concepts">
-    <title>Firewall Concepts</title>
+    <title>R&ouml;viden a t&#251;zfalakr&oacute;l</title>
 
     <indexterm>
-      <primary>firewall</primary>
+      <primary>t&#251;zfalak</primary>
+      <secondary>szab&aacute;lyrendszerei</secondary>
+    </indexterm>
 
-      <secondary>rulesets</secondary>
-    </indexterm>
+    <para>A t&#251;zfalak szab&aacute;lyrendszereit alapvet&#245;en
+      k&eacute;tf&eacute;lek&eacute;ppen tudjuk
+      &ouml;ssze&aacute;ll&iacute;tani: <quote>inkluz&iacute;v</quote>,
+      vagyis megenged&#245;, illetve <quote>exkluz&iacute;v</quote>
+      vagyis kiz&aacute;r&oacute; m&oacute;don.  Az exkluz&iacute;v
+      t&#251;zfalak minden forgalmat &aacute;tengednek, amir&#245;l nem
+      rendelkeznek a t&#251;zfal szab&aacute;lyai.  Az inkluz&iacute;v
+      t&#251;zfalak ennek pontosan az ellenkez&#245;j&eacute;t teszik.
+      Csak azt a forgalmat engedik &aacute;t, amir&#245;l van
+      szab&aacute;ly &eacute;s minden m&aacute;st blokkolnak.</para>
 
-    <para>There are two basic ways to create firewall rulesets:
-      <quote>inclusive</quote> or <quote>exclusive</quote>.  An
-      exclusive firewall allows all traffic through except for the
-      traffic matching the ruleset.  An inclusive firewall does the
-      reverse.  It only allows traffic matching the rules through and
-      blocks everything else.</para>
+    <para>Az inkluz&iacute;v t&#251;zfalak &aacute;ltal&aacute;ban
+      biztons&aacute;gosabbak az exkluz&iacute;v t&aacute;rsaikn&aacute;l,
+      mivel eset&uuml;kben jelent&#245;s m&eacute;rt&eacute;kben
+      visszaszorul az &aacute;tfoly&oacute; nem k&iacute;v&aacute;natos
+      forgalom.</para>
 
-    <para>Inclusive firewalls are generally safer than exclusive
-      firewalls because they significantly reduce the risk of allowing
-      unwanted traffic to pass through the firewall.</para>
+    <para>A v&eacute;delem m&eacute;g tov&aacute;bb fokozhat&oacute; az
+      <quote>&aacute;llapottart&oacute; t&#251;zfalak</quote> (stateful
+      firewall) haszn&aacute;lat&aacute;val.  Ilyenkor a t&#251;zfal
+      szemmel tartja a rajta kereszt&uuml;l megnyitott kapcsolatokat,
+      &eacute;s vagy csak a m&aacute;r meglev&#245; kapcsolathoz
+      tartoz&oacute; forgalmat engedi &aacute;t vagy nyit egy
+      &uacute;jat.  Az &aacute;llapottart&oacute; t&#251;zfalak
+      h&aacute;tr&aacute;nya, hogy a <quote>Denial of Service</quote>
+      (<acronym>DoS</acronym>) t&iacute;pus&uacute;
+      t&aacute;mad&aacute;sokkal szemben sokkal
+      s&eacute;r&uuml;l&eacute;kenyebbek, amikor az &uacute;j
+      kapcsolatok nagyon gyorsan j&ouml;nnek l&eacute;tre.  A
+      legt&ouml;bb t&#251;zfal eset&eacute;ben azonban tudjuk
+      vegy&iacute;teni az &aacute;llapottart&oacute; &eacute;s nem
+      &aacute;llapottart&oacute; viselked&eacute;st, &eacute;s ezzel egy
+      ide&aacute;lis be&aacute;ll&iacute;t&aacute;st
+      kialak&iacute;tani.</para>
 
-    <para>Security can be tightened further using a <quote>stateful
-	firewall</quote>.  With a stateful firewall the firewall keeps
-      track of which connections are opened through the firewall and
-      will only allow traffic through which either matches an existing
-      connection or opens a new one.  The disadvantage of a stateful
-      firewall is that it can be vulnerable to Denial of Service
-      (<acronym>DoS</acronym>) attacks if a lot of new connections are
-      opened very fast.  With most firewalls it is possible to use a
-      combination of stateful and non-stateful behavior to make an
-      optimal firewall for the site.</para>
   </sect1>
 
   <sect1 id="firewalls-apps">
-    <title>Firewall Packages</title>
+    <title>T&#251;zfalak</title>
+
+    <para>A &os; alaprendszer&eacute;be h&aacute;rom
+      k&uuml;l&ouml;nb&ouml;z&#245; t&#251;zfalat &eacute;p&iacute;tettek
+      be.  Ezek: az <emphasis>IPFILTER</emphasis> (m&aacute;sik
+      nev&eacute;n <acronym>IPF</acronym>), az
+      <emphasis>IPFIREWALL</emphasis> (m&aacute;s n&eacute;ven
+      <acronym>IPFW</acronym>) &eacute;s az <emphasis>OpenBSD
+      csomagsz&#251;r&#245;je</emphasis> (Packet Filter, azaz
+      <acronym>PF</acronym>).  A forgalom
+      szab&aacute;lyoz&aacute;s&aacute;ra (vagyis alapvet&#245;en a
+      s&aacute;vsz&eacute;less&eacute;g
+      kihaszn&aacute;lts&aacute;g&aacute;nak
+      vez&eacute;rl&eacute;s&eacute;re) a &os; k&eacute;t
+      be&eacute;p&iacute;tett csomagot tartalmaz: ez az &man.altq.4;
+      &eacute;s a &man.dummynet.4;.  &Aacute;ltal&aacute;ban a Dummynet
+      az <acronym>IPFW</acronym>, m&iacute;g az <acronym>ALTQ</acronym>
+      a <acronym>PF</acronym> partnere.  Az <acronym>IPFILTER</acronym>
+      eset&eacute;ben maga az <acronym>IPFILTER</acronym> v&eacute;gzi a
+      c&iacute;mford&iacute;t&aacute;st &eacute;s a sz&#251;r&eacute;st,
+      a s&aacute;vsz&eacute;less&eacute;get pedig az
+      <acronym>IPFW</acronym> a &man.dummynet.4;
+      <emphasis>vagy</emphasis> a <acronym>PF</acronym> az
+      <acronym>ALTQ</acronym> seg&iacute;ts&eacute;g&eacute;vel.  Az
+      <acronym>IPFW</acronym> &eacute;s a <acronym>PF</acronym>
+      szab&aacute;lyokkal rendelkezik a rendszer&uuml;nkbe
+      &eacute;rkez&#245; vagy onnan t&aacute;voz&oacute;
+      csomagokr&oacute;l, hab&aacute;r megold&aacute;saik teljesen
+      m&aacute;shogy m&#251;k&ouml;dnek &eacute;s a szab&aacute;lyok
+      fel&iacute;r&aacute;si m&oacute;dja is elt&eacute;r.</para>
 
-    <para>&os; has three different firewall packages built
-      into the base system.  They are: <emphasis>IPFILTER</emphasis>
-      (also known as <acronym>IPF</acronym>),
-      <emphasis>IPFIREWALL</emphasis> (also known as <acronym>IPFW</acronym>),
-      and <emphasis>OpenBSD's PacketFilter</emphasis> (also known as
-      <acronym>PF</acronym>).  &os; also has two built in packages for
-      traffic shaping (basically controlling bandwidth usage):
-      &man.altq.4; and &man.dummynet.4;.  Dummynet has traditionally been
-      closely tied with <acronym>IPFW</acronym>, and
-      <acronym>ALTQ</acronym> with
-      <acronym>PF</acronym>.  Traffic shaping for <acronym>IPFILTER</acronym> can currently
-      be done with <acronym>IPFILTER</acronym> for NAT and filtering and
-      <acronym>IPFW</acronym> with &man.dummynet.4;
-      <emphasis>or</emphasis> by using <acronym>PF</acronym> with
-      <acronym>ALTQ</acronym>.
-      IPFW, and PF all use rules to control the access of packets to and
-      from your system, although they go about it different ways and
-      have different rule syntaxes.</para>
+    <para>A &os; az&eacute;rt tartalmaz egyszerre ennyi t&#251;zfalat,
+      mert az emberek elv&aacute;r&aacute;sai &eacute;s ig&eacute;nyei
+      egy&eacute;nenk&eacute;nt elt&eacute;rnek.  Egyik&#245;j&uuml;k
+      sem tekinthet&#245; a legjobbnak.</para>
 
-    <para>The reason that &os; has multiple built in firewall packages
-      is that different people have different requirements and
-      preferences.  No single firewall package is the best.</para>
+    <para>A szerz&#245; egy&eacute;bk&eacute;nt az IPFILTER
+      megold&aacute;s&aacute;t r&eacute;szes&iacute;ti el&#245;nyben,
+      mivel egy h&aacute;l&oacute;zati c&iacute;mford&iacute;t&aacute;st
+      alkalmaz&oacute; k&ouml;rnyezetben sokkal k&ouml;nnyebb vele
+      megfogalmazni az &aacute;llapottart&oacute; szab&aacute;lyokat,
+      valamint tartalmaz egy be&eacute;p&iacute;tett FTP proxy-t is,
+      amivel a kimen&#245; FTP kapcsolatok
+      be&aacute;ll&iacute;t&aacute;sa tov&aacute;bb
+      egyszer&#251;s&ouml;dik.</para>
 
-    <para>The author prefers IPFILTER because its stateful rules are
-      much less complicated to use in a <acronym>NAT</acronym>
-      environment and it has a built in ftp proxy that simplifies the
-      rules to allow secure outbound FTP usage.</para>
+    <para>Mivel az &ouml;sszes t&#251;zfal a csomagok
+      fejl&eacute;c&eacute;nek bizonyos mez&#245;inek alapj&aacute;n
+      dolgozik, ez&eacute;rt a t&#251;zfal
+      szab&aacute;lyrendszer&eacute;t megalkot&oacute; egy&eacute;nnek
+      teljesen tiszt&aacute;ban kell lennie a
+      <acronym>TCP</acronym>/<acronym>IP</acronym>
+      m&#251;k&ouml;d&eacute;s&eacute;vel, tov&aacute;bb&aacute; azzal,
+      hogy ezekben a mez&#245;kben milyen &eacute;rt&eacute;kek
+      szerepelhetnek &eacute;s ezeket hogyan haszn&aacute;lj&aacute;k
+      egy &aacute;tlagos kapcsolat alatt.  Ebben a t&eacute;m&aacute;ban
+      a <ulink url="http://www.ipprimer.com/overview.cfm"></ulink>;
+      c&iacute;men tal&aacute;lhatunk egy remek ismertet&#245;t
+      (angolul).</para>
 
-    <para>Since all firewalls are based on inspecting the values of
-      selected packet control fields, the creator of the firewall
-      rulesets must have an understanding of how
-      <acronym>TCP</acronym>/IP works, what the different values in
-      the packet control fields are and how these values are used in a
-      normal session conversation.  For a good explanation go to:
-      <ulink
-	url="http://www.ipprimer.com/overview.cfm"></ulink>.</para>;
   </sect1>
 
   <sect1 id="firewalls-pf">
-    <title>The OpenBSD Packet Filter (PF) and
+    <title>Az OpenBSD csomagsz&#251;r&#245;je (PF) &eacute;s az
       <acronym>ALTQ</acronym></title>
 
     <indexterm>
-      <primary>firewall</primary>
-
+      <primary>t&#251;zfalak</primary>
       <secondary>PF</secondary>
     </indexterm>
 
-    <para>As of July 2003 the OpenBSD firewall software application
-      known as <acronym>PF</acronym> was ported to &os; and was made
-      available in the &os; Ports Collection; the first release that
-      contained <acronym>PF</acronym> as an integrated part of the
-      base system was &os;&nbsp;5.3 in November 2004.
-      <acronym>PF</acronym> is a complete, fully featured firewall
-      that has optional support for <acronym>ALTQ</acronym> (Alternate
-      Queuing).  <acronym>ALTQ</acronym> provides Quality of Service
-      (<acronym>QoS</acronym>) bandwidth shaping that allows
-      guaranteeing bandwidth to different services based on filtering
-      rules.  The OpenBSD Project does an outstanding job of
-      maintaining the PF User's Guide that it will not be made part of
-      this handbook firewall section as that would just be duplicated
-      effort.</para>
+    <para>2003.  j&uacute;lius&aacute;ban az OpenBSD
+      <acronym>PF</acronym> n&eacute;ven ismert
+      csomagsz&#251;r&#245;j&eacute;t &aacute;t&iacute;rt&aacute;k
+      &os;-re &eacute;s el&eacute;rhet&#245;v&eacute; tett&eacute;k a
+      &os; Portgy&#251;jtem&eacute;ny&eacute;nek
+      r&eacute;szek&eacute;nt.  A <acronym>PF</acronym> programot
+      be&eacute;p&iacute;tetten tartalmaz&oacute; els&#245;
+      kiad&aacute;s pedig 2004.  november&eacute;ben a &os;&nbsp;5.3
+      volt.  A <acronym>PF</acronym> egy teljes, mindentud&oacute;
+      t&#251;zfal, ami t&aacute;mogatja az &uacute;n.
+      <acronym>ALTQ</acronym> (Alternate Queuing, vagyis a
+      <quote>v&aacute;lt&oacute;besorol&aacute;s</quote>)
+      megold&aacute;st.  Az <acronym>ALTQ</acronym> lehet&#245;v&eacute;
+      teszi a s&aacute;vsz&eacute;less&eacute;g
+      korl&aacute;toz&aacute;s&aacute;t a szolg&aacute;ltat&aacute;s
+      min&#245;s&eacute;ge (Quality of Service, <acronym>QoS</acronym>)
+      alapj&aacute;n, aminek k&ouml;sz&ouml;nhet&#245;en a
+      k&uuml;l&ouml;nb&ouml;z&#245; szolg&aacute;ltat&aacute;sok a
+      sz&#251;r&eacute;si szab&aacute;lyok ment&eacute;n garan&aacute;lt
+      s&aacute;vsz&eacute;less&eacute;ghez juthatnak.  Az OpenBSD
+      projekt kiv&aacute;l&oacute; munk&aacute;t v&eacute;gez a PF
+      felhaszn&aacute;l&oacute;i &uacute;tmutat&oacute;j&aacute;nak
+      karbantart&aacute;s&aacute;val, amit &iacute;gy most nem is
+      tesz&uuml;k be a k&eacute;zik&ouml;nyvbe, mivel ezzel csak
+      feleslegesen m&aacute;soln&aacute;nk.</para>
 
-    <para>More info can be found at the PF for &os; web site: <ulink
-	url="http://pf4freebsd.love2party.net/"></ulink>.</para>;
+    <para>A PF &os;-n t&ouml;rt&eacute;n&#245;
+      haszn&aacute;lat&aacute;r&oacute;l a <ulink
+      url="http://pf4freebsd.love2party.net/"></ulink>; honlapon
+      olvashatunk t&ouml;bbet (angolul).</para>
 
     <sect2>
-      <title>Enabling PF</title>
+      <title>A PF enged&eacute;lyez&eacute;se</title>
 
-      <para>PF is included in the basic &os; install for versions newer
-	than 5.3 as a separate run time loadable module.  The system
-	will dynamically load the PF kernel loadable module when the
-	rc.conf statement <literal>pf_enable="YES"</literal> is used.
-	The loadable module was created with &man.pflog.4; logging
-	enabled.</para>
+      <para>A PF a &os; 5.3 verzi&oacute;ja ut&aacute;ni
+	kiad&aacute;sokban az alaprendszer r&eacute;sze, amit a rendszer
+	m&#251;k&ouml;d&eacute;se k&ouml;zben egy k&uuml;l&ouml;n modul
+	bet&ouml;lt&eacute;s&eacute;vel aktiv&aacute;lhatunk.  Ha az
+	<filename>rc.conf</filename> &aacute;llom&aacute;nyban megadjuk
+	a <literal>pf_enable="YES"</literal> sort, akkor a rendszer
+	mag&aacute;t&oacute;l be is t&ouml;lti a PF-hez tartoz&oacute;
+	rendszermag modult.  Ez a bet&ouml;lthet&#245; modul
+	egy&eacute;bk&eacute;nt m&eacute;g a &man.pflog.4;
+	fel&uuml;leten kereszt&uuml;li napl&oacute;z&aacute;st is
+	enged&eacute;lyezi.</para>
 
       <note>
-	<para>The module assumes the presence of <literal>options
-	    INET</literal> and <literal>device bpf</literal>.  Unless
-	  <literal>NOINET6</literal> for &os; prior to 6.0-RELEASE and
-	  <literal>NO_INET6</literal> for later releases (for example in
-	  &man.make.conf.5;) was defined during the build, it also
-	  requires <literal>options INET6</literal>.</para>
+	<para>A modul felt&eacute;telezi a <literal>options
+	  INET</literal> &eacute;s <literal>device bpf</literal> sorok
+	  jelenl&eacute;t&eacute;t.  Hacsak nem adtuk meg &os;
+	  6.0-RELEASE el&#245;tti verzi&oacute;ban a
+	  <literal>NOINET6</literal>, ill.  az ut&aacute;ni
+	  k&ouml;vetkez&#245; verzi&oacute;kban a
+	  <literal>NO_INET6</literal> be&aacute;ll&iacute;t&aacute;st
+	  (p&eacute;ld&aacute;ul a &man.make.conf.5;
+	  &aacute;llom&aacute;nyban) a rendszer
+	  ford&iacute;t&aacute;s&aacute;ra vonatkoz&oacute;an, akkor a
+	  <literal>options INET6</literal>
+	  be&aacute;ll&iacute;t&aacute;sra is sz&uuml;ks&eacute;g
+	  lesz.</para>
       </note>
 
-      <para>Once the kernel module is loaded or the kernel is statically
-	built with PF support, it is possible to enable or disable
-	<application>pf</application> with the <command>pfctl</command>
-	command.</para>
+      <para>Ahogy bet&ouml;lt&#245;d&ouml;tt a modul, vagy ha m&aacute;r
+	eleve a rendszermagba &eacute;p&iacute;tett&uuml;k a PF
+	t&aacute;mogat&aacute;s&aacute;t, a
+	<application>pf</application> haszn&aacute;lat&aacute;t a
+	<command>pfctl</command> paranccsal tudjuk enged&eacute;lyezni
+	vagy letiltani.</para>
 
-      <para>This example demonstrates how to enable
-	<application>pf</application>:</para>
+      <para>Ebben a p&eacute;ld&aacute;ban a
+	<application>pf</application> enged&eacute;lyez&eacute;s&eacute;t
+	l&aacute;thatjuk:</para>
 
       <screen>&prompt.root; <userinput>pfctl -e</userinput></screen>
 
-      <para>The <command>pfctl</command> command provides a way to work
-	with the <application>pf</application> firewall. It is a good
-	idea to check the &man.pfctl.8; manual page to find out more
-	information about using it.</para>
+      <para>A <command>pfctl</command> parancs
+	seg&iacute;ts&eacute;g&eacute;vel k&ouml;nnyed&eacute;n lehet
+	ir&aacute;ny&iacute;tani a <application>pf</application>
+	m&#251;k&ouml;d&eacute;s&eacute;t.  A
+	haszn&aacute;lat&aacute;r&oacute;l t&ouml;bbet &uacute;gy
+	tudhatunk meg, ha elolvassuk a &man.pfctl.8; man oldalt.</para>
+
     </sect2>
 
     <sect2>
-      <title>Kernel options</title>
+      <title>A rendszermag be&aacute;ll&iacute;t&aacute;sai</title>
 
       <indexterm>
-	<primary>kernel options</primary>
-
+	<primary>a rendszermag
+	  be&aacute;ll&iacute;t&aacute;sai</primary>
 	<secondary>device pf</secondary>
       </indexterm>
 
       <indexterm>
-	<primary>kernel options</primary>
-
+	<primary>a rendszermag
+	  be&aacute;ll&iacute;t&aacute;sai</primary>
 	<secondary>device pflog</secondary>
       </indexterm>
 
       <indexterm>
-	<primary>kernel options</primary>
-
+	<primary>a rendszermag
+	  be&aacute;ll&iacute;t&aacute;sai</primary>
 	<secondary>device pfsync</secondary>
       </indexterm>
 
-      <para>It is not a mandatory requirement that you enable PF by
-	compiling the following options into the &os; kernel.  It is
-	only presented here as background information.  Compiling PF
-	into the kernel causes the loadable module to never be
-	used.</para>
+      <para>Egy&aacute;ltal&aacute;n nem fontos a PF
+	t&aacute;mogat&aacute;s&aacute;t be&eacute;p&iacute;teni a
+	rendszermagba.  Az itt szerepl&#245; inform&aacute;ci&oacute;k
+	csup&aacute;n kieg&eacute;sz&iacute;t&eacute;sk&eacute;nt
+	szerepelnek.  Ha a PF haszn&aacute;lat&aacute;t beletessz&uuml;k
+	a rendszermagba, akkor a modulra m&aacute;r nincs
+	sz&uuml;ks&eacute;g&uuml;nk.</para>
 
-      <para>Sample kernel config PF option statements are in the
-	<filename>/usr/src/sys/conf/NOTES</filename> kernel source and
-	are reproduced here:</para>
+      <para>A rendszermag forr&aacute;sai k&ouml;z&ouml;tt
+	tal&aacute;lhat&oacute;
+	<filename>/usr/src/sys/conf/NOTES</filename>
+	&aacute;llom&aacute;nyban a PF
+	be&aacute;ll&iacute;t&aacute;saira vonatkoz&oacute;
+	utas&iacute;t&aacute;sok &iacute;gy foglalhat&oacute;ak
+	&ouml;ssze:</para>
 
       <programlisting>device pf
 device pflog
 device pfsync</programlisting>
 
-      <para><literal>device pf</literal> enables support for the
-	<quote>Packet Filter</quote> firewall.</para>
+      <para>A <literal>device pf</literal> enged&eacute;lyezi a
+	csomagsz&#251;r&#245; t&#251;zfalat.</para>
+
+      <para>A <literal>device pflog</literal> megad&aacute;s&aacute;val
+	keletkezik egy &man.pflog.4; pszeudo h&aacute;l&oacute;zati
+	eszk&ouml;z, amivel egy &man.bpf.4; le&iacute;r&oacute;ra
+	&eacute;rkez&#245; forgalmat tudunk napl&oacute;zni.  A
+	&man.pflogd.8; d&eacute;mon haszn&aacute;lhat&oacute;
+	ezut&aacute;n t&#245;le sz&aacute;rmaz&oacute; napl&oacute;zott
+	adatok r&ouml;gz&iacute;t&eacute;s&eacute;re.</para>
 
-      <para><literal>device pflog</literal> enables the optional
-	&man.pflog.4; pseudo network device which can be used to log
-	traffic to a &man.bpf.4; descriptor.  The &man.pflogd.8; daemon
-	can be used to store the logging information to disk.</para>
+      <para>A <literal>device pfsync</literal> enged&eacute;lyezi a
+	&man.pfsync.4; pszeudo h&aacute;l&oacute;zati eszk&ouml;z
+	l&eacute;trej&ouml;tt&eacute;t, ami az &uacute;n.
+	<quote>&aacute;llapotv&aacute;lt&aacute;sok</quote>
+	megfigyel&eacute;s&eacute;re alkalmas.  Mivel ez nem
+	r&eacute;sze a bet&ouml;lthet&#245; modulnak, ez&eacute;rt egy
+	saj&aacute;t rendszermagot kell k&eacute;sz&iacute;teni a
+	haszn&aacute;lat&aacute;hoz.</para>
 
-      <para><literal>device pfsync</literal> enables the optional
-	&man.pfsync.4; pseudo network device that is used to monitor
-	<quote>state changes</quote>.  As this is not part of the
-	loadable module one has to build a custom kernel to use
-	it.</para>
+      <para>Ezek a be&aacute;ll&iacute;t&aacute;sok csak akkor
+	l&eacute;pnek &eacute;rv&eacute;nybe, ha ford&iacute;tunk
+	vel&uuml;k egy saj&aacute;t rendszermagot &eacute;s
+	telep&iacute;tj&uuml;k azt.</para>
 
-      <para>These settings will take effect only after you have built
-	and installed a kernel with them set.</para>
     </sect2>
 
     <sect2>
-      <title>Available rc.conf Options</title>
+      <title>Az <filename>rc.conf</filename> &aacute;llom&aacute;nyban
+	el&eacute;rhet&#245; be&aacute;ll&iacute;t&aacute;sok</title>
+
+      <para>Az <filename>/etc/rc.conf</filename>
+	&aacute;llom&aacute;nyba a k&ouml;vetkez&#245;ket kell
+	betenn&uuml;nk ahhoz, hogy a PF a rendszer
+	ind&iacute;t&aacute;sa sor&aacute;n
+	aktiviz&aacute;l&oacute;djon:</para>
 
-      <para>You need the following statements in
-	<filename>/etc/rc.conf</filename> to activate PF at boot
-	time:</para>
+      <programlisting>pf_enable="YES"                 # a PF enged&eacute;lyez&eacute;se (a modul bet&ouml;lt&eacute;se, ha kell)
+pf_rules="/etc/pf.conf"         # a pf szab&aacute;lyait tartalmaz&oacute; &aacute;llom&aacute;ny
+pf_flags=""                     # a pfctl ind&iacute;t&aacute;s&aacute;hoz sz&uuml;ks&eacute;ges tov&aacute;bbi param&eacute;terek
+pflog_enable="YES"              # a pflogd(8) elind&iacute;t&aacute;sa
+pflog_logfile="/var/log/pflog"  # hol tartsa a pflogd az napl&oacute;it
+pflog_flags=""                  # a pflogd ind&iacute;t&aacute;s&aacute;hoz sz&uuml;ks&eacute;ges param&eacute;terek</programlisting>
 
-      <programlisting>pf_enable="YES"                 # Enable PF (load module if required)
-pf_rules="/etc/pf.conf"         # rules definition file for pf
-pf_flags=""                     # additional flags for pfctl startup
-pflog_enable="YES"              # start pflogd(8)
-pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
-pflog_flags=""                  # additional flags for pflogd startup</programlisting>
+      <para>Ha a t&#251;zfalunk m&ouml;g&ouml;tt egy helyi
+	h&aacute;l&oacute;zat is megh&uacute;z&oacute;dik, akkor az ott
+	lev&#245; g&eacute;pek sz&aacute;m&aacute;ra valamilyen
+	m&oacute;don tudni kell tov&aacute;bb&iacute;tani a csomagokat
+	vagy c&iacute;mford&iacute;t&aacute;st kell v&eacute;gezni,
+	&iacute;gy ez a be&aacute;ll&iacute;t&aacute;s is
+	mindenk&eacute;ppen kelleni fog:</para>
 
-      <para>If you have a LAN behind this firewall and have to forward
-	packets for the computers in the LAN or want to do NAT, you
-	have to enable the following option as well:</para>
+      <programlisting>gateway_enable="YES"            # az &aacute;tj&aacute;r&oacute;i funkci&oacute;k enged&eacute;lyez&eacute;se</programlisting>
 
-      <programlisting>gateway_enable="YES"            # Enable as LAN gateway</programlisting>
     </sect2>
 
     <sect2>
-      <title>Enabling <acronym>ALTQ</acronym></title>
+      <title>Az <acronym>ALTQ</acronym> enged&eacute;lyez&eacute;se</title>
 
-      <para><acronym>ALTQ</acronym> is only available by compiling the
-	options into the &os; Kernel.  <acronym>ALTQ</acronym> is not
-	supported by all of the available network card drivers.	 Please
-	see the &man.altq.4; manual page for a list of drivers that are
-	supported in your release of &os;.  The following options will
-	enable <acronym>ALTQ</acronym> and add additional
-	functionality.</para>
+      <para>Az <acronym>ALTQ</acronym> kiz&aacute;r&oacute;lag csak
+	&uacute;gy &eacute;rhet&#245; el, ha beleford&iacute;tjuk a &os;
+	rendszermagj&aacute;ba.  Az <acronym>ALTQ</acronym> nem minden
+	h&aacute;l&oacute;zati k&aacute;rtya r&eacute;sz&eacute;r&#245;l
+	t&aacute;mogatott.  Az &man.altq.4; man oldal&aacute;n
+	megtal&aacute;lhatjuk a &os; aktu&aacute;lis
+	kiad&aacute;s&aacute;ban szerepl&#245; t&aacute;mogat&oacute;
+	meghajt&oacute;k list&aacute;j&aacute;t.  A k&ouml;vetkez&#245;
+	be&aacute;ll&iacute;t&aacute;sok az <acronym>ALTQ</acronym>
+	tov&aacute;bbi lehet&#245;s&eacute;geit igyekeznek
+	enged&eacute;lyezni.</para>
 
       <programlisting>options         ALTQ
-options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
-options         ALTQ_RED        # Random Early Detection (RED)
-options         ALTQ_RIO        # RED In/Out
-options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
-options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
-options         ALTQ_NOPCC      # Required for SMP build</programlisting>
+options         ALTQ_CBQ        # oszt&aacute;lyoz&aacute;s alap&uacute; besorol&aacute;s (Class Bases Queuing, CBQ)
+options         ALTQ_RED        # v&eacute;letlen korai &eacute;szlel&eacute;s (Random Early Detection, RED)
+options         ALTQ_RIO        # RED befele/kifele
+options         ALTQ_HFSC       # hiearchikus csomag&uuml;temez&#245; (Hierarchical Packet Scheduler, HFSC)
+options         ALTQ_PRIQ       # priorit&aacute;sos besorol&aacute;s (Priority Queuing, PRIQ)
+options         ALTQ_NOPCC      # az SMP eset&eacute;n kell</programlisting>
+
+      <para>Az <literal>options ALTQ</literal> az
+	<acronym>ALTQ</acronym> rendszert enged&eacute;lyezi.</para>
 
-      <para><literal>options ALTQ</literal> enables the
-	<acronym>ALTQ</acronym> framework.</para>
+      <para>Az <literal>options ALTQ_CBQ</literal> enged&eacute;lyezi a
+	oszt&aacute;lyoz&aacute;s alap&uacute; besorol&aacute;st (Class
+	Based Queuing, <acronym>CBQ</acronym>).  A
+	<acronym>CBQ</acronym> haszn&aacute;lat&aacute;val a
+	kapcsolatunkhoz tartoz&oacute;
+	s&aacute;vsz&eacute;less&eacute;get
+	k&uuml;l&ouml;nb&ouml;z&#245; oszt&aacute;lyokra vagy sorokra
+	tudjuk szedni, &eacute;s a sz&#251;r&eacute;si
+	szab&aacute;lyoknak megfelel&#245;en oszt&aacute;lyozni
+	seg&iacute;ts&eacute;g&uuml;kkel a forgalmat.</para>
 
-      <para><literal>options ALTQ_CBQ</literal> enables Class Based
-	Queuing (<acronym>CBQ</acronym>).  <acronym>CBQ</acronym>
-	allows you to divide a connection's bandwidth into different
-	classes or queues to prioritize traffic based on filter
-	rules.</para>
+      <para>Az <literal>options ALTQ_RED</literal> a v&eacute;letlen
+	korai &eacute;szlel&eacute;s (Random Early Detection,
+	<acronym>RED</acronym>) haszn&aacute;lat&aacute;t
+	enged&eacute;lyezi.  A <acronym>RED</acronym> a
+	h&aacute;l&oacute;zati forgalomban keletkez&#245;
+	torl&oacute;d&aacute;sok elker&uuml;l&eacute;s&eacute;re
+	alkalmas.  A <acronym>RED</acronym> ezt a
+	probl&eacute;m&aacute;t &uacute;gy oldja meg, hogy m&eacute;ri a
+	sorok hossz&aacute;t &eacute;s &ouml;sszeveti a
+	hozz&aacute;tartoz&oacute; minim&aacute;lis &eacute;s
+	maxim&aacute;lis k&uuml;sz&ouml;b&eacute;rt&eacute;kekkel.  Ha a
+	sor hossza meghaladja a sz&aacute;m&aacute;ra el&#245;&iacute;rt
+	maxim&aacute;lis &eacute;rt&eacute;ket, akkor az &uacute;j
+	csomagokat eldobja.  Nev&eacute;hez h&#251;en a
+	<acronym>RED</acronym> az eldob&aacute;sra &iacute;t&eacute;lt
+	csomagokat v&eacute;letlenszer&#251;en v&aacute;lasztja
+	ki.</para>
 
-      <para><literal>options ALTQ_RED</literal> enables Random Early
-	Detection (<acronym>RED</acronym>).  <acronym>RED</acronym> is
-	used to avoid network congestion.  <acronym>RED</acronym> does
-	this by measuring the length of the queue and comparing it to
-	the minimum and maximum thresholds for the queue.  If the
-	queue is over the maximum all new packets will be dropped.
-	True to its name, <acronym>RED</acronym> drops packets from
-	different connections randomly.</para>
+      <para>Az <literal>options ALTQ_RIO</literal> enged&eacute;lyezi a
+	<acronym>RED</acronym> haszn&aacute;lat&aacute;t mind a
+	k&eacute;t ir&aacute;nyba, teh&aacute;t be- &eacute;s
+	kifel&eacute;.</para>
 
-      <para><literal>options ALTQ_RIO</literal> enables Random Early
-	Detection In and Out.</para>
+      <para>Az <literal>options ALTQ_HFSC</literal> a p&aacute;rtatlan
+	hierachikus szolg&aacute;ltat&aacute;si g&ouml;rbe alap&uacute;
+	csomag&uuml;temez&#245;t (Hierarchical Fair Service Curve Packet
+	Scheduler, <acronym>HFSC</acronym>) enged&eacute;lyezi.  Vele
+	kapcsolatban a <ulink
+	url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>;
+	c&iacute;men tal&aacute;lhatunk b&#245;vebben
+	olvasnival&oacute;t (angolul).</para>
 
-      <para><literal>options ALTQ_HFSC</literal> enables the
-	Hierarchical Fair Service Curve Packet Scheduler.  For more
-	information about <acronym>HFSC</acronym> see: <ulink
-	  url="http://www-2.cs.cmu.edu/~hzhang/HFSC/main.html"></ulink>.</para>;
+      <para>Az <literal>options ALTQ_PRIQ</literal> a priorit&aacute;sos
+	besorol&aacute;st (Priority Queuing, <acronym>PRIQ</acronym>)
+	teszi el&eacute;rhet&#245;v&eacute;.  A <acronym>PRIQ</acronym>
+	mindig els&#245;k&eacute;nt a nagyobb &eacute;rt&eacute;k&#251;
+	sorban lev&#245; forgalmat tov&aacute;bb&iacute;tja.</para>
 
-      <para><literal>options ALTQ_PRIQ</literal> enables Priority
-	Queuing (<acronym>PRIQ</acronym>).  <acronym>PRIQ</acronym>
-	will always pass traffic that is in a higher queue
-	first.</para>
+      <para>Az <literal>options ALTQ_NOPCC</literal> az
+	<acronym>ALTQ</acronym> <acronym>SMP</acronym>, vagyis
+	t&ouml;bbprocesszoros t&aacute;mogat&aacute;s&aacute;t adja meg.
+	Ilyen t&iacute;pus&uacute; rendszerekben ez
+	k&ouml;telez&#245;.</para>
 
-      <para><literal>options ALTQ_NOPCC</literal> enables
-	<acronym>SMP</acronym> support for <acronym>ALTQ</acronym>.
-	This option is required on <acronym>SMP</acronym>
-	systems.</para>
     </sect2>
 
     <sect2>
-      <title>Creating Filtering Rules</title>
+      <title>A sz&#251;r&eacute;si szab&aacute;lyok
+	megfogalmaz&aacute;sa</title>
 
-      <para>The Packet Filter reads its configuration rules from the
-	&man.pf.conf.5; file and it modifies, drops or passes packets
-	according to the rules or definitions specified there.  The &os;
-	installation comes with a default
-	<filename>/etc/pf.conf</filename> which contains useful examples
-	and explanations.</para>
+      <para>A csomagsz&#251;r&#245; a &man.pf.conf.5;
+	&aacute;llom&aacute;nyb&oacute;l olvassa be a szab&aacute;lyokat
+	&eacute;s a benne szerepl&#245; szab&aacute;lyok vagy
+	defin&iacute;ci&oacute;k alapj&aacute;n m&oacute;dos&iacute;tja,
+	eldobja vagy &aacute;tengedi a csomagokat.  A &os;
+	telep&iacute;t&eacute;s&eacute;ben alap&eacute;rtelmez&eacute;s
+	szerint az <filename>/etc/pf.conf</filename>
+	&aacute;llom&aacute;ny l&aacute;tja el ennek szerep&eacute;t,
+	ami sz&aacute;mos hasznos p&eacute;ld&aacute;t &eacute;s
+	magyar&aacute;zatot tartalmaz.</para>
 
-      <para>Although &os; has its own <filename>/etc/pf.conf</filename>
-	the syntax is the same as one used in OpenBSD.  A great
-	resource for configuring the <application>pf</application>
-	firewall has been written by OpenBSD team and is available at
-	<ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para>;
+      <para>Noha a &os; saj&aacute;t <filename>/etc/pf.conf</filename>
+	&aacute;llom&aacute;nnyal rendelkezik, a
+	fel&eacute;p&iacute;t&eacute;se m&eacute;gis
+	t&ouml;k&eacute;letesen megegyezik az OpenBSD-ben
+	haszn&aacute;latossal.  A <application>pf</application>
+	t&#251;zfal be&aacute;ll&iacute;t&aacute;s&aacute;val az OpenBSD
+	csapat &aacute;ltal &iacute;rt nagyszer&#251; &iacute;r&aacute;s
+	foglalkozik, ami a <ulink
+	url="http://www.openbsd.org/faq/pf/"></ulink>; c&iacute;mr&#245;l
+	&eacute;rhet&#245; el (angolul).</para>
 
       <warning>
-	<para>When browsing the pf user's guide, please keep in mind that
-     different versions of &os; contain different versions of pf.  The
-     <application>pf</application> firewall in &os; 5.X is at the level
-     of OpenBSD version 3.5 and in &os; 6.X is at the level of OpenBSD
-     version 3.7.</para>
+	<para>A <application>pf</application> felhaszn&aacute;l&oacute;i
+	  &uacute;tmutat&oacute;j&aacute;t olvasgatva azonban soha nem
+	  szabad elfelejten&uuml;nk, hogy &os; egyes v&aacute;ltozatai a
+	  <application>pf</application> k&uuml;l&ouml;nb&ouml;z&#245;
+	  verzi&oacute;it tartalmazz&aacute;k.  A &os; 5.X
+	  &aacute;g&aacute;ban az OpenBSD 3.5
+	  <application>pf</application> t&#251;zfal&aacute;t, m&iacute;g
+	  a &os; 6.X v&aacute;ltozataiban az OpenBSD 3.7 szerinti
+	  verzi&oacute;j&aacute;t tal&aacute;ljuk.</para>
       </warning>
 
-      <para>The &a.pf; is a good place to ask questions about
-	configuring and running the <application>pf</application>
-	firewall.  Do not forget to check the mailing list archives
-	before asking questions.</para>
+      <para>A &a.pf; kit&#251;n&#245; hely a
+	<application>pf</application>
+	be&aacute;ll&iacute;t&aacute;s&aacute;val &eacute;s
+	m&#251;k&ouml;dtet&eacute;s&eacute;vel kapcsolatos
+	k&eacute;rd&eacute;sek feltev&eacute;s&eacute;re.  Viszont
+	miel&#245;tt itt k&eacute;rdezn&eacute;nk, ne felejts&uuml;k el
+	&aacute;tn&eacute;zni a levelez&eacute;si lista
+	arch&iacute;vumait sem.</para>
+
     </sect2>
   </sect1>
 
   <sect1 id="firewalls-ipf">
-    <title>The IPFILTER (IPF) Firewall</title>
+    <title>Az IPFILTER (IPF) t&#251;zfal</title>
 
     <indexterm>
-      <primary>firewall</primary>
-
+      <primary>t&#251;zfalak</primary>
       <secondary>IPFILTER</secondary>
     </indexterm>
 
     <note>
-      <para>This section is work in progress.  The contents might
-	not be accurate at all times.</para>
+      <para>Ez a szakasz fejleszt&eacute;s alatt &aacute;ll.  Ennek
+	megfelel&#245;en a tartalma nem minden esetben pontos.</para>
     </note>
 
-    <para>The author of IPFILTER is Darren Reed.  IPFILTER is not
-      operating system dependent: it is an open source application and
-      has been ported to &os;, NetBSD, OpenBSD, &sunos;, HP/UX, and
-      &solaris; operating systems.  IPFILTER is actively being
-      supported and maintained, with updated versions being released
-      regularly.</para>
+    <para>Az IPFILTER szerz&#245;je Darren Reed.  Az IPFILTER nem
+      k&ouml;t&#245;dik egyik rendszerhez sem: ez egy olyan ny&iacute;lt
+      forr&aacute;sk&oacute;d&uacute; alkalmaz&aacute;s, amit
+      &aacute;t&iacute;rtak &os;, NetBSD, OpenBSD, &sunos;, HP/UX
+      &eacute;s &solaris; oper&aacute;ci&oacute;s rendszerekre.  Az
+      IPFILTER karbantart&aacute;sa &eacute;s t&aacute;mogat&aacute;sa
+      pillanatnyilag is akt&iacute;v, folyamatosan jelennek meg
+      &uacute;jabb v&aacute;ltozatai.</para>
 
-    <para>IPFILTER is based on a kernel-side firewall and
-      <acronym>NAT</acronym> mechanism that can be controlled and
-      monitored by userland interface programs.  The firewall rules can
-      be set or deleted with the &man.ipf.8; utility.  The
-      <acronym>NAT</acronym> rules can be set or deleted with the
-      &man.ipnat.1; utility.  The &man.ipfstat.8; utility can print
-      run-time statistics for the kernel parts of IPFILTER.  The
-      &man.ipmon.8; program can log IPFILTER actions to the system log
-      files.</para>
+    <para>Az IPFILTER egy rendszermag oldal&aacute;n
+      m&#251;k&ouml;d&#245; t&#251;zfalaz&aacute;si &eacute;s egy
+      c&iacute;mford&iacute;t&aacute;si mechanizmusra alapszik, amit
+      felhaszn&aacute;l&oacute;i programokkal tudunk fel&uuml;gyelni
+      &eacute;s vez&eacute;relni.  A t&#251;zfal szab&aacute;lyai a
+      &man.ipf.8; seg&eacute;dprogrammal
+      &aacute;ll&iacute;that&oacute;ak be vagy
+      t&ouml;r&ouml;lhet&#245;ek.  A h&aacute;l&oacute;zati
+      c&iacute;mford&iacute;t&aacute;sra vonatkoz&oacute;
+      szab&aacute;lyokat a &man.ipnat.1; seg&eacute;dprogrammal
+      &aacute;ll&iacute;thatjuk be vagy t&ouml;r&ouml;lhetj&uuml;k.  A
+      &man.ipfstat.8; seg&eacute;dprogram k&eacute;pes fut&aacute;s
+      k&ouml;zben statisztik&aacute;kat k&eacute;sz&iacute;teni az
+      IPFILTER rendszermagban elhelyezked&#245; r&eacute;szeinek
+      viselked&eacute;s&eacute;r&#245;l.  A &man.ipmon.8; program pedig
+      az IPFILTER cselekv&eacute;seit k&eacute;pes a
+      rendszernapl&oacute;kba feljegyezni.</para>
 
-    <para>IPF was originally written using a rule processing logic of
-      <quote>the last matching rule wins</quote> and used only
-      stateless type of rules.  Over time IPF has been enhanced to
-      include a <quote>quick</quote> option and a stateful <quote>keep
-	state</quote> option which drastically modernized the rules
-      processing logic.  IPF's official documentation covers the legacy
-      rule coding parameters and the legacy rule file processing
-      logic.  The modernized functions are only included as additional
-      options, completely understating their benefits in producing a
-      far superior secure firewall.</para>
+    <para>Az IPF eredetileg olyan szab&aacute;lyfeldolgoz&aacute;si
+      m&oacute;dszer szerint k&eacute;sz&uuml;lt, amiben <quote>az
+      utols&oacute; egyez&#245; szab&aacute;ly nyer</quote> &eacute;s
+      csak &aacute;llapotn&eacute;lk&uuml;li szab&aacute;lyokat ismert.
+      Az id&#245; m&uacute;l&aacute;s&aacute;val az IPF
+      r&eacute;sz&eacute;v&eacute; v&aacute;lt a <quote>quick</quote>
+      opci&oacute; &eacute;s a <quote>keep state</quote> opci&oacute;n
+      kereszt&uuml;l az &aacute;llapottart&aacute;s is, melyek
+      dr&aacute;mai m&eacute;rt&eacute;kben
+      korszer&#251;s&iacute;tett&eacute;k a szab&aacute;lyok
+      feldolgoz&aacute;s&aacute;nak elv&eacute;t.  Az IPF hivatalos
+      dokument&aacute;ci&oacute;ja tartalmazza a r&eacute;gi
+      szab&aacute;lyok l&eacute;trehoz&aacute;s&aacute;t &eacute;s azok
+      feldolgoz&aacute;s&aacute;nak le&iacute;r&aacute;s&aacute;t.  A
+      korszer&#251;s&iacute;tett funkci&oacute;k csak
+      kieg&eacute;sz&iacute;t&eacute;sk&eacute;ppen jelennek meg,
+      &eacute;s az &aacute;ltaluk felk&iacute;n&aacute;lt
+      el&#245;ny&ouml;k meg&eacute;rt&eacute;se egy sokkal magasabb
+      szint&#251; &eacute;s biztons&aacute;gosabb t&#251;zfal
+      meg&eacute;p&iacute;t&eacute;s&eacute;t teszik
+      lehet&#245;v&eacute;.</para>
 
-    <para>The instructions contained in this section are based on
-      using rules that contain the <quote>quick</quote> option and the
-      stateful <quote>keep state</quote> option.  This is the basic
-      framework for coding an inclusive firewall rule set.</para>
+    <para>A szakaszban szerepl&#245; utas&iacute;t&aacute;sokban olyan
+      szab&aacute;lyok szerepelnek, amik kihaszn&aacute;lj&aacute;k a
+      <quote>quick</quote> &eacute;s <quote>keep state</quote>
+      opci&oacute;kat.  Ezek az inkluz&iacute;v
+      t&#251;zfalszab&aacute;lyok l&eacute;trehoz&aacute;s&aacute;nak
+      alapjai.</para>
 
-    <!-- XXX: something like this already in
-	 <xref linkend="firewalls-concepts">
-	 AND: the para below is repeated 3 times in this chapter-->
+    <para>Az inkluz&iacute;v t&#251;zfalak csak olyan csomagokat
+      engednek kereszt&uuml;l, amik megfelelnek a szab&aacute;lyoknak.
+      Ezen m&oacute;don k&eacute;pesek vagyunk megmondani, hogy a
+      t&#251;zfal m&ouml;g&uuml;l milyen szolg&aacute;ltat&aacute;sok
+      &eacute;rhet&#245;ek el az interneten &eacute;s
+      seg&iacute;ts&eacute;g&eacute;vel azt is megadhatjuk, hogy az
+      internetr&#245;l a bels&#245; h&aacute;l&oacute;zatunkon milyen
+      szolg&aacute;ltat&aacute;sokat &eacute;rhetnek el.  A t&#251;zfal
+      alapb&oacute;l minden m&aacute;st visszautas&iacute;t &eacute;s
+      napl&oacute;z.  Az inkluz&iacute;v t&#251;zfalak sokkal de sokkal
+      megb&iacute;zhat&oacute;bbak az exkluz&iacute;v
+      t&#251;zfalakn&aacute;l, ez&eacute;rt itt most csak ilyenekkel
+      foglalkozunk.</para>
 
-    <para>An inclusive firewall only allows packets matching the rules
-      to pass through.  This way you can control what services can
-      originate behind the firewall destined for the public Internet
-      and also control the services which can originate from the
-      public Internet accessing your private network.  Everything else
-      is blocked and logged by default design.  Inclusive firewalls are
-      much, much more secure than exclusive firewall rule sets and is
-      the only rule set type covered herein.</para>
+    <para>A r&eacute;gi t&iacute;pus&uacute; szab&aacute;lyokr&oacute;l
+      a <ulink
+      url="http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1"></ulink>;
+      &eacute;s <ulink
+      url="http://coombs.anu.edu.au/~avalon/ip-filter.html"></ulink>;
+      c&iacute;meken olvashatunk (angolul).</para>
 
-    <para>For detailed explanation of the legacy rules processing
-      method see: <ulink
-	url="http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1"></ulink>;
-      and <ulink
-	url="http://coombs.anu.edu.au/~avalon/ip-filter.html"></ulink>.</para>;
+    <para>Az IPF gyakran ism&eacute;telt k&eacute;rd&eacute;sei a <ulink
+      url="http://www.phildev.net/ipf/index.html"></ulink>; c&iacute;men
+      &eacute;rhet&#245;ek el (angolul).</para>
 
-    <para>The IPF FAQ is at <ulink
-	url="http://www.phildev.net/ipf/index.html"></ulink>.</para>;
-
-    <para>A searchable archive of the open-source IPFilter mailing list is
-      available at <ulink
-        url="http://marc.theaimsgroup.com/?l=ipfilter"></ulink>.</para>;
+    <para>A ny&iacute;lt forr&aacute;s&uacute; IPFilter
+      levelez&eacute;si list kereshet&#245; arch&iacute;vumait a <ulink
+      url="http://marc.theaimsgroup.com/?l=ipfilter"></ulink>;
+      c&iacute;men tal&aacute;ljuk (angolul).</para>
 
     <sect2>
-      <title>Enabling IPF</title>
+      <title>Az IPF enged&eacute;lyez&eacute;se</title>
 
       <indexterm>
 	<primary>IPFILTER</primary>
+	<secondary>enged&eacute;lyez&eacute;s</secondary>
+      </indexterm>
 
-	<secondary>enabling</secondary>
-      </indexterm>
+      <para>Az IPF megtal&aacute;lhat&oacute; a &os;
+	alaptelep&iacute;t&eacute;s&eacute;ben mint menet k&ouml;zben
+	k&uuml;l&ouml;n bet&ouml;lthet&#245; modul.  Ha az
+	<filename>rc.conf</filename> &aacute;llom&aacute;nyba
+	be&iacute;rjuk a <literal>ipfilter_enable="YES"</literal> sort,
+	akkor ez a modul dinamikusan bet&ouml;lt&#245;dik.  A
+	bet&ouml;lthet&#245; modul alapb&oacute;l napl&oacute;z
+	&eacute;s a <literal>default pass all</literal>
+	be&aacute;ll&iacute;t&aacute;st tartalmazza.  Ha helyette a

>>> TRUNCATED FOR MAIL (1000 lines) <<<

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802241333.m1ODXehp043776>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact