Date: Fri, 5 Aug 2022 18:24:33 GMT
Message-Id: <202208051824.275IOXhx081196@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Sergio Carlavilla Delgado
Subject: git: f4e8db9335 - main - Fix typos and some rewording in Firewall chapter
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
X-Git-Committer: carlavilla
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: f4e8db9335d250a78b8df81c335d0df93735def6

The branch main has been updated by carlavilla:

URL: 
https://cgit.FreeBSD.org/doc/commit/?id=f4e8db9335d250a78b8df81c335d0df93735def6 commit f4e8db9335d250a78b8df81c335d0df93735def6 Author: ghislain AuthorDate: 2022-08-05 18:23:28 +0000 Commit: Sergio Carlavilla Delgado CommitDate: 2022-08-05 18:23:28 +0000 Fix typos and some rewording in Firewall chapter PR: 265455 --- documentation/content/en/books/handbook/firewalls/_index.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc index 0d77039b67..4001b30850 100644 --- a/documentation/content/en/books/handbook/firewalls/_index.adoc +++ b/documentation/content/en/books/handbook/firewalls/_index.adoc @@ -2452,7 +2452,7 @@ For example: `icmp 3/3` for a port unreachable message. [[firewalls-blacklistd]] == Blacklistd -Blacklistd is a daemon listening to sockets to receive notifications from other daemons about connection attempts that failed or were successful. +Blacklistd is a daemon listening to sockets awaiting to receive notifications from other daemons about connection attempts that failed or were successful. It is most widely used in blocking too many connection attempts on open ports. A prime example is SSH running on the internet getting a lot of requests from bots or scripts trying to guess passwords and gain access. Using blacklistd, the daemon can notify the firewall to create a filter rule to block excessive connection attempts from a single source after a number of tries. Blacklistd was first developed on NetBSD and appeared there in version 7. 
@@ -2501,7 +2501,7 @@ ssh stream * * * 3 24h All rules that follow the `[local]` section are treated as local rules (which is the default), applying to the local machine. When a `[remote]` section is encountered, all rules that follow it are handled as remote machine rules. -Seven fields define a rule separated by either tabs or spaces. +Seven fields separated by either tabs or spaces define a rule. The first four fields identify the traffic that should be blocklisted. The three fields that follow define backlistd's behavior. Wildcards are denoted as asterisks (`*`), matching anything in this field. @@ -2593,7 +2593,7 @@ To explain it, this example rule is used: The address field can be an IP address (either v4 or v6), a port or both. This allows setting special rules for a specific remote address range like in this example. -The fields for type, protocol and owner are identically interpreted as in the local rule. +The fields for socket type, protocol and owner are identically interpreted as in the local rule. The name fields is different though: the equal sign (`=`) in a remote rule tells blacklistd to use the value from the matching local rule. It means that the firewall rule entry is taken and the `/25` prefix (a netmask of `255.255.255.128`) is added.
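Review bot: In the first hunk (@@ -2452,7 +2452,7 @@), the added wording "listening to sockets awaiting to receive notifications" is not idiomatic English, because "await" takes a direct object and "awaiting to receive" doubles the verb. The removed line was already grammatical. If the intent is to stress that the daemon blocks until a notification arrives, something like "a daemon that listens on sockets and waits for notifications from other daemons about connection attempts that failed or were successful" says that without the awkward construction.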
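Review bot: In the second hunk (@@ -2501,7 +2501,7 @@), the context line two lines below the change still reads "The three fields that follow define backlistd's behavior.", with the daemon name misspelled as "backlistd". Since this commit is a typo pass over the same paragraph, that line should be corrected to "blacklistd's" in the same change. The reordered sentence itself ("Seven fields separated by either tabs or spaces define a rule.") reads fine.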
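Review bot: In the third hunk (@@ -2593,7 +2593,7 @@), the context line directly after the change still reads "The name fields is different though", which has a subject-verb mismatch and should be "The name field is different though". It sits next to the edited sentence and belongs in this typo fix. On the added line, "are identically interpreted as in the local rule" is also stiff; "are interpreted the same way as in the local rule" keeps the new "socket type" clarification and reads more naturally.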