svn commit: r54041 - head/en_US.ISO8859-1/books/handbook/firewalls

Alex Dupre ale at FreeBSD.org
Tue Apr 7 10:02:51 UTC 2020 

Author: ale
Date: Tue Apr  7 10:02:50 2020
New Revision: 54041
URL: https://svnweb.freebsd.org/changeset/doc/54041

Log:
  Fix typo in IPFW page and s/reassamble/reassemble/g
  
  PR:		245396
  Submitted by:	wout at canodus.be

Modified:
  head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Mon Apr  6 17:10:38 2020	(r54040)
+++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml	Tue Apr  7 10:02:50 2020	(r54041)
@@ -2256,18 +2256,18 @@ ipfw -q nat 1 config if $pif same_ports unreg_o
       <para>The inbound <acronym>NAT</acronym> rule is inserted
 	<emphasis>after</emphasis> the two rules which allow all
 	traffic on the trusted and loopback interfaces and after the
-	reassamble rule but <emphasis>before</emphasis> the
+	reassemble rule but <emphasis>before</emphasis> the
 	<literal>check-state</literal> rule.  It is important that the
 	rule number selected for this <acronym>NAT</acronym> rule, in
 	this example <literal>100</literal>, is higher than the first
 	three rules and lower than the <literal>check-state</literal>
 	rule.  Furthermore, because of the behavior of in-kernel
-	<acronym>NAT</acronym> it is advised to place a reassamble
+	<acronym>NAT</acronym> it is advised to place a reassemble
 	rule just before the first <acronym>NAT</acronym> rule and
 	after the rules that allow traffic on trusted interface.
 	Normally, <acronym>IP</acronym> fragmentation should not
 	happen, but when dealing with <acronym>IPSEC/ESP/GRE</acronym>
-	tunneling traffic it might and the reassmabling of fragments
+	tunneling traffic it might and the reassembling of fragments
 	is necessary before handing the complete packet over to the
 	in-kernel <acronym>NAT</acronym> facility.</para>
 
@@ -2275,7 +2275,7 @@ ipfw -q nat 1 config if $pif same_ports unreg_o
 	<para>The reassemble rule was not needed with userland
 	  &man.natd.8; because the internal workings of the
 	  <application>IPFW</application> <literal>divert</literal>
-	  action already takes care of reassambling packets before
+	  action already takes care of reassembling packets before
 	  delivery to the socket as also stated in &man.ipfw.8;.</para>
 
 	<para>The <acronym>NAT</acronym> instance and rule number used
@@ -2287,7 +2287,7 @@ ipfw -q nat 1 config if $pif same_ports unreg_o
 
       <programlisting>$cmd 005 allow all from any to any via xl0  # exclude LAN traffic
 $cmd 010 allow all from any to any via lo0  # exclude loopback traffic
-$cmd 099 reass all from any to any in       # reassamble inbound packets
+$cmd 099 reass all from any to any in       # reassemble inbound packets
 $cmd 100 nat 1 ip from any to any in via $pif # NAT any inbound packets
 # Allow the packet through if it has an existing entry in the dynamic rules table
 $cmd 101 check-state</programlisting>

More information about the svn-doc-head mailing list