| Summary: | Grammar, wording, and clarifications for handbook/security/chapter.sgml |
|---|---|
| Product: | Documentation |
| Reporter: | Chris Pepper <pepper> |
| Component: | Books & Articles |
| Assignee: | freebsd-doc (Nobody) <doc> |
| Status: | Closed FIXED |
| Severity: | Affects Only Me |
| Priority: | Normal |
| Version: | Latest |
| Hardware: | Any |
| OS: | Any |
State Changed From-To: open->closed

I committed many of the changes in this patch, found some others, and left a few of your changes uncommitted since I don't agree with them. This chapter needs a lot more work. Your patch here was very much appreciated.
The IPFW chapter assumes all firewalling occurs in the kernel; it might not on a non-FreeBSD system. There are some awkward word choices.

Fix: The patch below removes assumptions that firewalling occurs in the kernel from the text. It improves some wording.

There are some outstanding issues I lacked sufficient information to address:

This page should mention NAT, which is the firewalling term most likely to be recognized by new users.

<para>As the main part of the IPFW system lives in the kernel, you will need to add one or more options to your kernel configuration file, depending on what facilities you want, and recompile your kernel. See "Reconfiguring your Kernel" (<xref linkend="kernelconfig">) for more details on how to recompile your kernel.</para>

This is no longer correct -- ipfw can be kldloaded. It would be good to mention that IPFW can be activated through /etc/rc.conf, along with any additional requirements and warnings that accompany this procedure (IPFIREWALL_FORWARD broken per kern/39814; DIVERT broken for ipfw.kld per <http://docs.freebsd.org/cgi/getmsg.cgi?fetch=2998668+0+archive/2002/freebsd-questions/20020707.freebsd-questions>).

<para>There are currently three kernel configuration options relevant to IPFW:</para>

Per LINT, it's 4 (or 9 with IPv6).

There are two related parts to IPFW. The firewall section allows you to perform packet filtering. There is also an IP accounting section which allows you to track usage of your router, based on similar rules to the firewall section. This allows you to see (for example) how much traffic your router is getting from a certain machine, or how much WWW (World Wide Web) traffic it is forwarding.

Previous versions of IPFW used separate firewall and accounting entries. The present version provides packet accounting with each firewall entry.

These paras (in different sections) disagree. If both filtering and accounting now use a unified ruleset, the first should be updated.
How-To-Repeat: Visit <http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kerberos.html>.