FreeBSD Bugzilla – Attachment 48850 Details for Bug 74720: [patch] Handbook: More corrections to the firewall chapter
firewall2.diff (text/plain), 4.49 KB, created by Joel Dahl on 2004-12-05 14:40:22 UTC
>Index: chapter.sgml >=================================================================== >RCS file: /home/ncvs/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v >retrieving revision 1.1 >diff -u -r1.1 chapter.sgml >--- chapter.sgml 5 Dec 2004 00:14:21 -0000 1.1 >+++ chapter.sgml 5 Dec 2004 13:46:13 -0000 >@@ -39,11 +39,11 @@ > network connections and either allows the traffic through or > blocks it. The rules of the firewall can inspect one or more > characteristics of the packets, including but not limited to the >- protocol type, the source or destination host address and the >+ protocol type, the source or destination host address, and the > source or destination port.</para> > > <para>Firewalls greatly enhance the security of your network, your >- applications and services. They can be used to do one of more of >+ applications and services. They can be used to do one or more of > the following things:</para> > > <itemizedlist> >@@ -197,7 +197,7 @@ > <para>The author prefers IPFILTER because its stateful rules are > much less complicated to use in a <acronym>NAT</acronym> > environment and it has a built in ftp proxy that simplifies the >- rules to allow secure outbound FTP usage. If is also more >+ rules to allow secure outbound FTP usage. It is also more > appropriate to the knowledge level of the inexperienced firewall > user.</para> > >@@ -566,7 +566,7 @@ > log and adds the log keyword to those rules. Normally only > deny rules are logged.</para> > >- <para>Its very customary to include a default deny everything >+ <para>It is very customary to include a default deny everything > rule with the log keyword included as your last rule in the > rule set. This way you get to see all the packets that did not > match any of the rules in the rule set.</para> 
>@@ -749,8 +749,8 @@ > <para>That is all there is to it. The rules are not important in > this example, how the Symbolic substitution field are populated > and used are. If the above example was in /etc/ipf.rules.script >- file, you could reload these rules by entering on the command >- line.</para> >+ file, you could reload these rules by entering this on the command >+ line:</para> > > <programlisting><command>sh /etc/ipf.rules.script</command> > </programlisting> >@@ -948,7 +948,7 @@ > <title>SELECTION</title> > <para>The keywords described in this section are used to > describe attributes of the packet to be interrogated when >- determining whether rules match or don't match. There is a >+ determining whether rules match or not. There is a > keyword subject, and it has sub-option keywords, one of > which has to be selected. The following general-purpose > attributes are provided for matching, and must be used in >@@ -1842,7 +1842,7 @@ > options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting> > > <para>These options are exactly the same as the IPv4 options but >- they are for IPv6. If you don't use IPv6 you might want to use >+ they are for IPv6. If you do not use IPv6 you might want to use > IPV6FIREWALL without any rules to block all IPv6</para> > > <programlisting>options IPDIVERT</programlisting> >@@ -1851,7 +1851,7 @@ > functionality.</para> > > <note> >- <para>If you don't include IPFIREWALL_DEFAULT_TO_ACCEPT or set >+ <para>If you do not include IPFIREWALL_DEFAULT_TO_ACCEPT or set > your rules to allow incoming packets you will block all > packets going to and from this machine.</para> > </note> 
>@@ -2066,7 +2066,7 @@ > > <para>The keywords described in this section are used to > describe attributes of the packet to be interrogated when >- determining whether rules match or don't match the packet. >+ determining whether rules match the packet or not. > The following general-purpose attributes are provided for > matching, and must be used in this order:</para> > >@@ -2276,7 +2276,7 @@ > </programlisting> > > <para>The <filename>/etc/ipfw.rules</filename> file could be >- located any where you want and the file could be named any >+ located anywhere you want and the file could be named any > thing you would like.</para> > > <para>The same thing could also be accomplished by running
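Review bot: In the @@ -197,7 +197,7 @@ hunk the corrected sentence still follows "it has a built in ftp proxy", which wants a hyphen in "built-in" and uppercase "FTP" to match "secure outbound FTP usage" on the line being changed. Since this paragraph is being touched anyway, fold both into the same change.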
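Review bot: In the @@ -749,8 +749,8 @@ hunk the reworded sentence still reads "was in /etc/ipf.rules.script file": the path has no <filename> markup, although the @@ -2276,7 +2276,7 @@ context shows <filename>/etc/ipfw.rules</filename>, and the article is missing. Suggest "If the above example was in the <filename>/etc/ipf.rules.script</filename> file, ...". The context line just above, "how the Symbolic substitution field are populated and used are", has a number disagreement that could be fixed in the same pass.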
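Review bot: In the @@ -1842,7 +1842,7 @@ hunk the sentence being edited ends at "IPV6FIREWALL without any rules to block all IPv6</para>", with no terminating period and no noun after "IPv6". Suggest "to block all IPv6 traffic." and a comma after "If you do not use IPv6", so the advice about running the option with an empty rule set reads as a complete sentence.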
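Review bot: In the @@ -1851,7 +1851,7 @@ hunk the note's condition mentions only rules that "allow incoming packets" while its consequence is "block all packets going to and from this machine"; the two halves should agree, for example by saying the rules must allow packets in both directions. A comma before "you will block" would also make the sentence easier to parse, which matters in a note that warns about cutting the machine off.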
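Review bot: The @@ -2066,7 +2066,7 @@ hunk now reads "whether rules match the packet or not", while the parallel sentence in the @@ -948,7 +948,7 @@ hunk reads "whether rules match or not". The two paragraphs are otherwise worded alike in the visible context, so pick one wording for both, preferably the one that names the packet.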
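Review bot: In the @@ -2276,7 +2276,7 @@ hunk "any where" is joined into "anywhere", but the same sentence still ends with "named any" and "thing you would like" in the unchanged context lines. Join "anything" in the same change so the sentence is consistent.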