svn commit: r43987 - head/en_US.ISO8859-1/books/handbook/firewalls
Dru Lavigne
dru at FreeBSD.org
Tue Feb 18 21:30:20 UTC 2014
Author: dru
Date: Tue Feb 18 21:30:19 2014
New Revision: 43987
URL: http://svnweb.freebsd.org/changeset/doc/43987
Log:
Prep work for next round of edits.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Tue Feb 18 21:05:36 2014 (r43986)
+++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Tue Feb 18 21:30:19 2014 (r43987)
@@ -1191,30 +1191,8 @@ pass inet proto tcp from any to $localne
<programlisting>/usr/local/sbin/expiretable -v -d -t 24h bruteforce</programlisting>
</sect3>
- <sect3 xml:id="pftut-tools">
- <title>Other <application>PF</application> Tools</title>
-
- <para>Over time, a number of tools have been developed which
- interact with <application>PF</application> in various
- ways.</para>
-
- <sect4 xml:id="pftut-pftop">
- <title>The <application>pftop</application> Traffic
- Viewer</title>
-
- <para>Can Erkin Acar's <application>pftop</application>
- makes it possible to keep an eye on what passes into and
- out of the network. <application>pftop</application> is
- available through the ports system as
- <package>sysutils/pftop</package>. The name is a strong
- hint at what it does - <application>pftop</application>
- shows a running snapshot of traffic in a format which is
- strongly inspired by &man.top.1;.</para>
- </sect4>
-
- <sect4 xml:id="pftut-spamd">
- <title>The <application>spamd</application> Spam Deferral
- Daemon</title>
+ <sect3 xml:id="pftut-spamd">
+ <title>Protecting Against <acronym>SPAM</acronym></title>
<para>Not to be confused with the
<application>spamd</application> daemon which comes
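Review bot: In the new title for pftut-spamd, SPAM is wrapped in <acronym>, but spam is an ordinary word rather than an acronym; suggest <title>Protecting Against Spam</title>. Removing the "Other PF Tools" wrapper also deletes the xml:id pftut-tools, so any xref or link elsewhere in the doc tree that targets that id should be checked and updated.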
@@ -1249,11 +1227,7 @@ pass inet proto tcp from any to $localne
implementation with one byte SMTP replies is often
referred to as <firstterm>stuttering</firstterm>.</para>
- <sect5 xml:id="pftut-spamd-allblack">
- <title>A Basic Blacklisting
- <application>spamd</application></title>
-
- <para>Here is the basic procedure for setting up
+ <para>This example demonstrates the basic procedure for setting up
<application>spamd</application> with automatically
updated blacklists:</para>
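Review bot: With the pftut-spamd-allblack section and its title removed, the blacklisting procedure becomes untitled body text of pftut-spamd, while greylisting keeps its own titled subsection later in this patch, so the two setups are no longer presented at the same level. Consider keeping the blacklisting-only setup as a sect4 with a short title, which would also preserve a link target for it.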
@@ -1392,11 +1366,9 @@ rdr pass on $ext_if inet proto tcp from
<para>On a typical gateway in front of a mail server,
hosts will start getting trapped within a few seconds to
several minutes.</para>
- </sect5>
- <sect5 xml:id="pftut-spamd-greylist">
- <title>Adding Greylisting to the
- <application>spamd</application> Setup</title>
+ <sect4 xml:id="pftut-spamd-greylist">
+ <title>Adding Greylisting to the Setup</title>
<para><application>spamd</application> also supports
<firstterm>greylisting</firstterm>, which works by
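Review bot: The shortened title "Adding Greylisting to the Setup" no longer says which setup is meant; it only makes sense when read directly under the parent section, and a table-of-contents entry or a link to pftut-spamd-greylist shows it without that context. Suggest keeping the application name in the title, as in the line being removed.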
@@ -1505,20 +1477,16 @@ rdr pass on $ext_if inet proto tcp from
administrator's main interface to managing the black,
grey and white lists via the contents of the
<filename>/var/db/spamdb</filename> database.</para>
- </sect5>
</sect4>
+ </sect3>
- <sect4 xml:id="pftut-hygiene">
- <title>Network Hygiene: Blocking, Scrubbing and so
- On</title>
-
- <para>Our gateway does not feel quite complete without a few
- more items in the configuration which will make it behave
- a bit more sanely towards hosts on the wide net and our
- local network.</para>
+ <sect3 xml:id="pftut-hygiene">
+ <title>Network Hygiene</title>
- <sect5 xml:id="pftut-blockpolicy">
- <title><literal>block-policy</literal></title>
+ <para>This section describes how
+ <literal>block-policy</literal>, <literal>scrub</literal>,
+ and <literal>antispoof</literal> can be used to make the
+ ruleset behave sanely.</para>
<para><literal>block-policy</literal> is an option which
can be set in the <literal>options</literal> part of the
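Review bot: In the new introductory paragraph for pftut-hygiene, "make the ruleset behave sanely" is vaguer than the text it replaces, which at least said the behaviour concerned "hosts on the wide net and our local network". Suggest saying in a clause what each of block-policy, scrub and antispoof is for, since this paragraph is now the only overview the reader gets before the three options are discussed back to back.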
@@ -1539,10 +1507,6 @@ rdr pass on $ext_if inet proto tcp from
returns:</para>
<programlisting>set block-policy return</programlisting>
- </sect5>
-
- <sect5 xml:id="pftut-scrub">
- <title><literal>scrub</literal></title>
<para>In <application>PF</application> versions up to
OpenBSD 4.5 inclusive, <literal>scrub</literal> is a
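Review bot: After the removal of the pftut-scrub heading, the scrub paragraph follows the block-policy listing (set block-policy return) with nothing marking the change of topic. If the sect5 level is being flattened, a sect4 with the same title, or at least a transition sentence, would keep the options distinguishable when scanning the page.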
@@ -1573,10 +1537,6 @@ rdr pass on $ext_if inet proto tcp from
possible, and you should be able to cater to various
specific needs by consulting the man pages and some
experimentation.</para>
- </sect5>
-
- <sect5 xml:id="pftut-antispoof">
- <title><literal>antispoof</literal></title>
<para><literal>antispoof</literal> is a common special
case of filtering and blocking. This mechanism protects
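Review bot: Deleting the pftut-antispoof section removes its xml:id, and the same happens to pftut-scrub and pftut-blockpolicy earlier in the patch. Please check the doc tree for xref or link elements that point at these ids, and keep an xml:id on the antispoof paragraph if anything links to it.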
@@ -1591,9 +1551,9 @@ rdr pass on $ext_if inet proto tcp from
<programlisting>antispoof for $ext_if
antispoof for $int_if</programlisting>
- </sect5>
+ </sect3>
- <sect5 xml:id="pftut-unrouteables">
+ <sect3 xml:id="pftut-unrouteables">
<title>Handling Non-Routable Addresses from
Elsewhere</title>
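Review bot: pftut-unrouteables moves from sect5 to sect3 here, which makes it a sibling of Network Hygiene rather than a part of it, as it was before this change. Please confirm that the promotion is intended; if the section should stay under hygiene, move the closing </sect3> for pftut-hygiene to after this section and make this one a sect4.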
@@ -1643,9 +1603,24 @@ block drop out quick on $ext_if from any
xlink:href="http://home.nuug.no/~peter/pf/">http://home.nuug.no/~peter/pf/</link>,
where you will also find slides from related
presentations.</para>
- </sect5>
- </sect4>
</sect3>
+
+ <sect3 xml:id="pftut-pftop">
+ <title>Viewing Traffic</title>
+
+ <para>Over time, a number of tools have been developed which
+ interact with <application>PF</application> in various
+ ways.</para>
+
+ <para>Can Erkin Acar's <application>pftop</application>
+ makes it possible to keep an eye on what passes into and
+ out of the network. <application>pftop</application> is
+ available through the ports system as
+ <package>sysutils/pftop</package>. The name is a strong
+ hint at what it does - <application>pftop</application>
+ shows a running snapshot of traffic in a format which is
+ strongly inspired by &man.top.1;.</para>
+ </sect3>
</sect2>
</sect1>
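Review bot: In the relocated pftut-pftop section, the first paragraph ("a number of tools have been developed which interact with PF in various ways") was the introduction to the removed "Other PF Tools" section; under "Viewing Traffic" only pftop follows, so the sentence promises a survey that is not there. Suggest dropping that paragraph and opening the section with the pftop paragraph.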