From nobody Sun Nov 06 17:58:26 2022 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4N52Cl0NRyz4gkJ1 for ; Sun, 6 Nov 2022 17:58:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4N52Ck6xv3z3qwY; Sun, 6 Nov 2022 17:58:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667757507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oyi1C+LGvUXSRRtfo3DsrrTxxfT+UOYSuako1rr3hAo=; b=u0XOmEsf/xkrhl4GhAx4RizrF15ASmi+LBRAliEK5BBzOnLad6W6gZp4fJItcd4CNUMoEb HKgnm2VRxFo6NOVswiOZc7pf2wTnH3VYi5nJMCAwanap5QVdAyMiG5/TiJocpjJBYBYjyZ 5mzjvMPiAcy6VcEyT/DJmUE4CsKi/qaxXc63izLXaOleu/4xyLTRXRrmu5IB+r6kZEgu4j 6tgNqx03G1bVJsWdZueHriOowUNcgcpV/YqzZWtyxmD4bKqs9+1mdJKJ6JGE+k4mYRDto3 SRvFJILYts8DbMWYLoGO+LGoElXwF9d4iaC09v8vbGqV3WnsV+IwIl5C9Bv17Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4N52Ck5vDqzW3H; Sun, 6 Nov 2022 17:58:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2A6HwQpP081966; Sun, 6 Nov 2022 17:58:26 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2A6HwQj1081965; Sun, 6 Nov 2022 17:58:26 GMT (envelope-from git) Date: Sun, 6 Nov 2022 17:58:26 GMT Message-Id: <202211061758.2A6HwQj1081965@gitrepo.freebsd.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org From: Muhammad Moinur Rahman Subject: git: 9c05bcb960 - main - handbook: Fix ipfw syntax List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-doc-all@freebsd.org X-BeenThere: dev-commits-doc-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bofh X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9c05bcb9608cfb1e77409ea364984a383fd0cd1e Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1667757507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=oyi1C+LGvUXSRRtfo3DsrrTxxfT+UOYSuako1rr3hAo=; b=alLVMpKFUMADSET2DWWkaql080Pjk/npprZFhSCy3XBv78W4Ur1J+Tk/8NkOJ4YSIupHzd WgIZTCGnxp1ydweXtXAKCJMRd0JuB9o/mvnM0nqAIQQp8I9RNg2FG+mMgvkJDYOB5PTltY qcwy9H03n4etK9qAjOVoAdgjS8z1msbH7/yudX1Irv4vaK58aynV3dGwIH+opcr9NVy8wV WuaT+0+sfZl5Rac4BU7n4qoPP0R9yQDJiS1G97Keo0EQ0qGgCp3gQ+0LNqToDLf0HKam85 ano6LOaL7omVSsg5KMmdvwhFt90CL5TIagCclJ4ivjlawLpAI0S9pmJUKyDLSQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1667757507; a=rsa-sha256; cv=none; b=N9h749bPJEnyq0J7kz5Fn5Oub6kp+AaVb5cp7j+C3cNa5iT0KeY9EpfF2NKmchFDY0D8po ZjGtPKg/CwpjeVy20uizUG+HVMw58UJd75aFCyFXBf/7Rq38cHitrWBaSQnxmeNPwkwvOY iguAT6ML7Rd9Mmv26FL/PAWViK1JOsRjTZVUt4plsVLNcGDhhyunnyDx0kURtESymV1e7i FteoipKjcgFBBtxoZQkIGzftOgRhAwSyvnG+lk8EcOLn9xvWDeWDoQgXeBezweKrS7jOYe ZsAo/qVJ00YICcQkyYOjflAaaVON5T/vzSRFWc8KcA1QpZU+lx9FCadA9tro0w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by bofh: URL: https://cgit.FreeBSD.org/doc/commit/?id=9c05bcb9608cfb1e77409ea364984a383fd0cd1e commit 9c05bcb9608cfb1e77409ea364984a383fd0cd1e Author: Muhammad Moinur Rahman AuthorDate: 2022-11-06 17:57:00 +0000 Commit: Muhammad Moinur Rahman CommitDate: 2022-11-06 17:57:00 +0000 handbook: Fix ipfw syntax In the handbook ipfw mentions about redirect_address which is wrong. The exact terminology is redirect_addr. For reference please check the man page: https://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=8&manpath=FreeBSD+12.3-RELEASE+and+Ports&arch=default&format=html https://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=8&manpath=FreeBSD+13.1-RELEASE+and+Ports&arch=default&format=html While I am here fix EOL space Approved by: carlavilla Differential Revision: https://reviews.freebsd.org/D37264 --- .../content/en/books/handbook/firewalls/_index.adoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc index 6f239ee78b..ba6083f2cf 100644 --- a/documentation/content/en/books/handbook/firewalls/_index.adoc +++ b/documentation/content/en/books/handbook/firewalls/_index.adoc @@ -503,7 +503,7 @@ The most common points against using FTP include: * The protocol demands the use of at least two TCP connections (control and data) on separate ports. * When a session is established, data is communicated using randomly selected ports. -All of these points present security challenges, even before considering any potential security weaknesses in client or server software. +All of these points present security challenges, even before considering any potential security weaknesses in client or server software. More secure alternatives for file transfer exist, such as man:sftp[1] or man:scp[1], which both feature authentication and data transfer over encrypted connections. For those situations when FTP is required, PF provides redirection of FTP traffic to a small proxy program called man:ftp-proxy[8], which is included in the base system of FreeBSD. @@ -1598,19 +1598,19 @@ Each LAN client can be assigned its own external IP address by man:ipfw[8], whic This is also known as static NAT. For example, if IP addresses `128.1.1.1`, `128.1.1.2`, and `128.1.1.3` are available, `128.1.1.1` can be used as the man:ipfw[8] machine's external IP address, while `128.1.1.2` and `128.1.1.3` are forwarded back to LAN clients `A` and `B`. -The `redirect_address` syntax is as below, where `localIP` is the internal IP address of the LAN client, and `publicIP` the external IP address corresponding to the LAN client. +The `redirect_addr` syntax is as below, where `localIP` is the internal IP address of the LAN client, and `publicIP` the external IP address corresponding to the LAN client. [.programlisting] .... -redirect_address localIP publicIP +redirect_addr localIP publicIP .... In the example, the arguments would read: [.programlisting] .... -redirect_address 192.168.0.2 128.1.1.2 -redirect_address 192.168.0.3 128.1.1.3 +redirect_addr 192.168.0.2 128.1.1.2 +redirect_addr 192.168.0.3 128.1.1.3 .... Like `redirect_port`, these arguments are placed in a NAT instance configuration. @@ -1663,7 +1663,7 @@ Below are two example entries, one per line: [.programlisting] .... redirect_port tcp 192.168.0.2:6667 6667 -redirect_address 192.168.0.3 128.1.1.3 +redirect_addr 192.168.0.3 128.1.1.3 .... ==== @@ -2686,6 +2686,6 @@ After identifying the address to be unblocked from the list, the following comma # pfctl -a blacklistd/22 -t port22 -T delete 213.0.123.128/25 .... -The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. +The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. The entry in blacklistd's database will eventually expire and be removed from its output. The entry will be added again if the host is matching one of the block rules in blacklistd again.