FreeBSD Bugzilla – Attachment 50254 Details for Bug 76600: More punctuation and spacing changes for the firewall chapter.
file.diff (text/plain), 5.58 KB, created by Brad Davis on 2005-01-23 09:30:25 UTC
>--- doc-ori/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Fri Jan 21 >11:05:20 2005 >+++ doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Sun Jan 23 02:14:32 >2005 >@@ -365,7 +365,7 @@ > <para>Sample kernel config IPF option statements are in the > <filename>/usr/src/sys/conf/NOTES</filename> kernel source > (<filename>/usr/src/sys/<replaceable>arch</replaceable>/conf/LINT</filename> >- for &os; 4.X) and are reproduced here.</para> >+ for &os; 4.X) and are reproduced here:</para> > > <programlisting>options IPFILTER > options IPFILTER_LOG >@@ -401,7 +401,7 @@ > # n = map IP & port to names</programlisting> > <para>If you have a LAN behind this firewall that uses the > reserved private IP address ranges, then you need to add the >- following to enable <acronym>NAT</acronym> functionality.</para> >+ following to enable <acronym>NAT</acronym> functionality:</para> > > <programlisting>gateway_enable="YES" # Enable as Lan gateway > ipnat_enable="YES" # Start ipnat function >@@ -414,7 +414,7 @@ > <para>The ipf command is used to load your rules file. Normally > you create a file containing your custom rules and use this > command to replace in mass the currently running firewall >- internal rules.</para> >+ internal rules:</para> > > <programlisting><command>ipf -Fa -f /etc/ipf.rules</command></programlisting> > >@@ -531,7 +531,7 @@ > rotate system logs. That is why outputting the log information to > syslogd is better than the default of outputting to a regular > file. In the default <filename>rc.conf</filename> file you see the >- ipmon_flags statement uses the <option>-Ds</option> flags</para> >+ ipmon_flags statement uses the <option>-Ds</option> flags:</para> > > <programlisting>ipmon_flags="-Ds" # D = start as daemon > # s = log to syslog 
>@@ -564,7 +564,7 @@ > and <quote>level.</quote> IPMON in <option>-Ds</option> mode uses ><literal>local0</literal> as the > <quote>facility</quote> name. All IPMON logged data goes to > <literal>local0</literal>. The following levels can be used to further >segregate >- the logged data if desired.</para> >+ the logged data if desired:</para> > > <screen>LOG_INFO - packets logged using the "log" keyword as the action rather >than pass or block. > LOG_NOTICE - packets logged which are also passed >@@ -583,8 +583,7 @@ > considerable flexibility in how syslog will deal with system > messages issued by software applications like IPF.</para> > >- <para>Add the following statement to <filename>/etc/syslog.conf >- </filename>:</para> >+ <para>Add the following statement to ><filename>/etc/syslog.conf</filename></para> > > <programlisting>local0.* /var/log/ipfilter.log</programlisting> > >@@ -751,8 +750,8 @@ > > <para>Add a script like the following to your <filename> > /usr/local/etc/rc.d/</filename> startup directory. The script >- should have an obvious name like <filename>loadipfrules.sh >- </filename>. The <filename>.sh</filename> extension is mandatory.</para> >+ should have an obvious name like <filename>loadipfrules.sh</filename>. >+ The <filename>.sh</filename> extension is mandatory.</para> > > <programlisting>#!/bin/sh > sh /etc/ipf.rules.script</programlisting> >@@ -982,7 +981,7 @@ > <para>There is no way to match ranges of IP addresses which > do not express themselves easily as mask-length. See this > web page for help on writing mask-length: >- <ulink url="http://jodies.de/ipcalc"></ulink></para> >+ <ulink url="http://jodies.de/ipcalc"></ulink>.</para> > </sect3> > > <sect3> 
>@@ -1174,8 +1173,7 @@ > > <para>Check out this link for port numbers used by Trojans > <ulink >- url="http://www.simovits.com/trojans/trojans.html"></ulink> >- </para> >+ url="http://www.simovits.com/trojans/trojans.html"></ulink>.</para> > > <para>The following rule set is a complete very secure > 'inclusive' type of firewall rule set that I have used on my >@@ -1404,7 +1402,7 @@ > <acronym>NAT</acronym>ed private LAN IP address. According to > RFC 1918, you can use the following IP ranges for private nets > which will never be routed directly to the public >- Internet.</para> >+ Internet:</para> > > <informaltable frame="none" pgwide="1"> > <tgroup cols="2"> >@@ -1579,7 +1577,7 @@ > IP<acronym>NAT</acronym> to only use source ports in a > range. For example the following rule will tell > IP<acronym>NAT</acronym> to modify the source port to be >- within that range.</para> >+ within that range:</para> > > <programlisting>map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp >20000:60000</programlisting> > >@@ -1628,13 +1626,13 @@ > > <programlisting>map dc0 20.20.20.5/32 port 80 -> 10.0.10.25 port >80</programlisting> > >- <para>or</para> >+ <para>Or:</para> > > <programlisting>map dc0 0/32 port 80 -> 10.0.10.25 port 80</programlisting> > >- <para>or for a LAN DNS Server on LAN address of <hostid >+ <para>Or for a LAN DNS Server on LAN address of <hostid > role="ipaddr">10.0.10.33</hostid> that needs to receive >- public DNS requests</para> >+ public DNS requests:</para> > > <programlisting>map dc0 20.20.20.5/32 port 53 -> 10.0.10.33 port 53 >udp</programlisting> > </sect2>
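Review bot: In the @@ -583,8 +583,7 @@ hunk the added line ends `<filename>/etc/syslog.conf</filename></para>`, which drops the colon that the removed lines had after `</filename>`. This paragraph introduces a `<programlisting>` just like the ones the other hunks change from a period to a colon, so the joined line should end `</filename>:</para>` to stay consistent with the rest of the patch.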
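Review bot: In the @@ -751,8 +750,8 @@ hunk the unchanged context directly above the fix still has a line break inside the element: `<filename>` ends one line and `/usr/local/etc/rc.d/</filename>` starts the next. That is the same stray whitespace inside `<filename>` that this hunk removes for `loadipfrules.sh`, so the directory name should be pulled onto one line with its tags in the same change.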
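Review bot: In the @@ -1579,7 +1577,7 @@ hunk the example rule in the trailing context reads `map dc0 192.168.1.0/24 -> 0.32 portmap tcp/udp 20000:60000`, while the rule shown in the @@ -1628,13 +1626,13 @@ hunk writes the same kind of address as `0/32`. The `0.32` looks like a typo for `0/32`; since readers copy these NAT rules into their own configuration, it is worth confirming and correcting in this pass rather than only touching the punctuation of the sentence that introduces it.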
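Review bot: In the @@ -1628,13 +1626,13 @@ hunk, capitalising `<para>Or:</para>` and `<para>Or for a LAN DNS Server ... public DNS requests:</para>` turns what were continuations of the previous sentence into standalone sentence fragments. Either keep them lower case with the added colon, or reword the second one as a full sentence, for example "For a LAN DNS server at 10.0.10.33 that needs to receive public DNS requests, use:". The "LAN DNS Server on LAN address of" wording in the same line could be tightened at the same time.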