docs/74720: [patch] Handbook: More corrections to the firewall chapter

Len Zettel zettel at acm.org
Mon Dec 6 02:50:08 UTC 2004


The following reply was made to PR docs/74720; it has been noted by GNATS.

From: Len Zettel <zettel at acm.org>
To: freebsd-doc at freebsd.org, Joel Dahl <joel at automatvapen.se>
Cc: FreeBSD-gnats-submit at freebsd.org
Subject: Re: docs/74720: [patch] Handbook: More corrections to the firewall chapter
Date: Sun, 5 Dec 2004 21:43:07 +0000

 On Sunday 05 December 2004 02:31 pm, Joel Dahl wrote:
 > >Number:         74720
 > >Category:       docs
 > >Synopsis:       [patch] Handbook: More corrections to the firewall chapter
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-doc
 > >State:          open
 > >Quarter:
 > >Keywords:
 > >Date-Required:
 > >Class:          doc-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Sun Dec 05 14:40:22 GMT 2004
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Joel Dahl
 > >Release:        FreeBSD 5.3-STABLE i386
 > >Organization:
 > >Environment:
 >
 > System: FreeBSD dude.automatvapen.se 5.3-STABLE FreeBSD 5.3-STABLE #1: Sat
 > Nov 13 19:50:36 CET 2004 joel at dude.automatvapen.se:/usr/obj/usr/src/sys/WRK
 > i386
 >
 > >Description:
 >
 > - Remove contractions.
 > - Use the serial comma.
 > - Correct spelling.
 >
 > This chapter still requires a lot of work.
 >
 > >How-To-Repeat:
 > >
 > >Fix:
 >
 > --- firewall2.diff begins here ---
 > Index: chapter.sgml
 > ===================================================================
 So while you were at it, why not go a little further----
 
 > RCS file:
 > /home/ncvs/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v
 > retrieving revision 1.1
 > diff -u -r1.1 chapter.sgml
 > --- chapter.sgml	5 Dec 2004 00:14:21 -0000	1.1
 > +++ chapter.sgml	5 Dec 2004 13:46:13 -0000
 > @@ -39,11 +39,11 @@
 >        network connections and either allows the traffic through or
 >        blocks it. The rules of the firewall can inspect one or more
 >        characteristics of the packets, including but not limited to the
 > -      protocol type, the source or destination host address and the
 > +      protocol type, the source or destination host address, and the
 >        source or destination port.</para>
 >
 >      <para>Firewalls greatly enhance the security of your network, your
 > -      applications and services. They can be used to do one of more of
 > +      applications and services. They can be used to do one or more of
 >        the following things:</para>
           the following:
 >
 >      <itemizedlist>
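 Review bot: The context line "Firewalls greatly enhance the security of your network, your applications and services" still lacks the serial comma that this hunk adds one sentence earlier. Add a comma after "applications" so the paragraph matches the stated goal of the patch.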
 > @@ -197,7 +197,7 @@
 >      <para>The author prefers IPFILTER because its stateful rules are
 >        much less complicated to use in a <acronym>NAT</acronym>
 >        environment and it has a built in ftp proxy that simplifies the
           environment and its built in ftp proxy simplifies the
 > -      rules to allow secure outbound FTP usage. If is also more
  +      rules necessary for secure outbound FTP usage. It is also more
 >        appropriate to the knowledge level of the inexperienced firewall
         attuned to the knowledge level of the inexperienced firewall
 >        user.</para>
 >
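 Review bot: In the context line "environment and it has a built in ftp proxy that simplifies the", "built in" should be hyphenated as a compound adjective, and "ftp" should match the upper-case "FTP" used on the changed line. Wrapping it in <acronym>, as is done for NAT two lines up, would keep the markup consistent.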
 > @@ -566,7 +566,7 @@
 >           log and adds the log keyword to those rules. Normally only
 >           deny rules are logged.</para>
 >
 > -       <para>Its very customary to include a default deny everything
 > +       <para>It is very customary to include a default deny everything
   +       <para>It is customary to include a default "deny everything"
 >           rule with the log keyword included as your last rule in the
             rule containing the log keyword as your last rule in the
 >           rule set. This way you get to see all the packets that did not
              rule set. You can then see all the packets that did not
 >           match any of the rules in the rule set.</para>
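 Review bot: Around the changed line, "log" is used both as a noun and as the rule keyword ("log and adds the log keyword to those rules") with no markup to tell them apart. Marking the keyword up, for example with <literal>, would make it clear that the final default deny rule needs the keyword itself.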
 > @@ -749,8 +749,8 @@
 >         <para>That is all there is to it. The rules are not important in
 >           this example, how the Symbolic substitution field are populated
              this example; how the Symbolic substitution fields are populated
 >           and used are. If the above example was in /etc/ipf.rules.script
             and used is. If the above example were in /etc/ipf.rules.script
 > -         file, you could reload these rules by entering on the command
 > -         line.</para>
 > +         file, you could reload these rules by entering this on the
 > command +         line:</para>
 >
 >         <programlisting><command>sh /etc/ipf.rules.script</command>
 >           </programlisting>
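 Review bot: The added lines have been wrapped by the mailer ("> command +         line:</para>"), so the second "+" line no longer starts at the beginning of a line and the hunk will not apply as posted. Resend the diff as an attachment or with wrapping disabled. While this paragraph is open, /etc/ipf.rules.script could take <filename> markup, as /etc/ipfw.rules does in the last hunk.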
 > @@ -948,7 +948,7 @@
 >             <title>SELECTION</title>
 >             <para>The keywords described in this section are used to
 >               describe attributes of the packet to be interrogated when
 > -             determining whether rules match or don't match. There is a
 > +             determining whether rules match or not. There is a
   +             determining whether rules match. There is a
 >               keyword subject, and it has sub-option keywords, one of
 >               which has to be selected. The following general-purpose
                  which must be selected. The following general-purpose
 >               attributes are provided for matching, and must be used in
 > @@ -1842,7 +1842,7 @@
 >  options    IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
 >
 >        <para>These options are exactly the same as the IPv4 options but
 > -        they are for IPv6. If you don't use IPv6 you might want to use
 > +        they are for IPv6. If you do not use IPv6 you might want to use
 >          IPV6FIREWALL without any rules to block all IPv6</para>
 >
 >        <programlisting>options    IPDIVERT</programlisting>
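 Review bot: The context line "IPV6FIREWALL without any rules to block all IPv6</para>" ends without a full stop and reads as though a word is missing after "IPv6". Since the paragraph is being touched, complete the sentence and add a comma after "If you do not use IPv6".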
 > @@ -1851,7 +1851,7 @@
 >          functionality.</para>
 >
 >        <note>
 > -        <para>If you don't include IPFIREWALL_DEFAULT_TO_ACCEPT or set
 > +        <para>If you do not include IPFIREWALL_DEFAULT_TO_ACCEPT or set
 >            your rules to allow incoming packets you will block all
 >            packets going to and from this machine.</para>
 >        </note>
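 Review bot: The sentence in this note runs the condition into the consequence at "allow incoming packets you will block all". A comma after "incoming packets" would make this lockout warning easier to parse, and IPFIREWALL_DEFAULT_TO_ACCEPT could be marked up rather than left as plain text.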
 > @@ -2066,7 +2066,7 @@
 >
 >            <para>The keywords described in this section are used to
 >              describe attributes of the packet to be interrogated when
 > -            determining whether rules match or don't match the packet.
 > +            determining whether rules match the packet or not.
   +            determining whether rules match the packet.
 >              The following general-purpose attributes are provided for
 >              matching, and must be used in this order:</para>
 >
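 Review bot: The replacement "determining whether rules match the packet or not" differs from the parallel sentence in the SELECTION hunk at -948, which now reads "match or not". Use one wording in both places; the sentence at -948 would benefit from naming the packet as this one does.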
 > @@ -2276,7 +2276,7 @@
 >              </programlisting>
 >
 >            <para>The <filename>/etc/ipfw.rules</filename> file could be
 > -            located any where you want and the file could be named any
 > +            located anywhere you want and the file could be named any
 >              thing you would like.</para>
                in a name and location of your choice.
 >
 >            <para>The same thing could also be accomplished by running
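 Review bot: The hunk fixes "any where" but leaves the same split across the changed line and the next context line ("named any" / "thing you would like"), so the sentence still reads "any thing". Join it to "anything" in the same change.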
 > --- firewall2.diff ends here ---
 >
 > >Release-Note:
 > >Audit-Trail:
 > >Unformatted:
 >


