handbook: Improve Firewalls chapter
- Fix some dead links and punctuations
- pfctl_parser.c was moved to a new location since FreeBSD 10
- Fix a few service commands

Issues found when translating this chapter to pt_BR.

Reviewed by: bcr
Approved by: doc (bcr)
Differential Revision: https://reviews.freebsd.org/D18981
parent eddf97db17
commit 01023d99b7
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=52785
1 changed files with 11 additions and 11 deletions
|
@ -173,8 +173,8 @@
|
|||
and do a port number lookup to find the purpose of a particular
|
||||
port number.</para>
|
||||
|
||||
<para>Check out this link for port numbers used by Trojans <uri
|
||||
xlink:href="http://www.sans.org/security-resources/idfaq/oddports.php">http://www.sans.org/security-resources/idfaq/oddports.php</uri>.</para>
|
||||
<para>Check out this link for <uri
|
||||
xlink:href="http://web.archive.org/web/20150803024617/http://www.sans.org/security-resources/idfaq/oddports.php">port numbers used by Trojans</uri>.</para>
|
||||
|
||||
<para>FTP has two modes: active mode and passive mode. The
|
||||
difference is in how the data channel is acquired. Passive
|
||||
|
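Review bot: The replacement href in the Trojan port list paragraph uses http://web.archive.org/, while the queueing link changed in the next hunk uses https://web.archive.org/; use https here as well so both archive links share one scheme. The sentence still reads "Check out this link for", so nothing tells the reader the target is a snapshot from 2015 (the date in the URL); consider saying in the text that it is an archived copy.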
@ -606,8 +606,8 @@ options ALTQ_PRIQ # Priority Queuing (PRIQ)</programlisting>
|
|||
</variablelist>
|
||||
|
||||
<para>More information about the scheduling
|
||||
algorithms and example rulesets are available at <uri
|
||||
xlink:href="http://www.openbsd.org/faq/pf/queueing.html">http://www.openbsd.org/faq/pf/queueing.html</uri>.</para>
|
||||
algorithms and example rulesets are available at the <uri
|
||||
xlink:href="https://web.archive.org/web/20151109213426/http://www.openbsd.org/faq/pf/queueing.html">OpenBSD's web archive</uri>.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 xml:id="pf-tutorial">
|
||||
|
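Review bot: The new link text in the queueing paragraph reads "available at the OpenBSD's web archive", which is ungrammatical ("the" followed by a possessive) and implies an archive run by OpenBSD, while the href points at web.archive.org. Suggest wording such as "an archived copy of the OpenBSD PF queueing FAQ" so the text matches where the link actually goes.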
@ -831,7 +831,7 @@ pass from { lo0, $localnet } to any keep state</programlisting>
|
|||
flags S/SA keep state</programlisting>
|
||||
|
||||
<para>A few other pass rules may be needed. This one enables
|
||||
<acronym>SSH</acronym> on the external interface::</para>
|
||||
<acronym>SSH</acronym> on the external interface:</para>
|
||||
|
||||
<programlisting>pass in inet proto tcp to $ext_if port ssh</programlisting>
|
||||
|
||||
|
@ -1009,7 +1009,7 @@ pass inet proto icmp from any to $ext_if keep state</programlisting>
|
|||
<para>If other types of <acronym>ICMP</acronym> packets are
|
||||
needed, expand <literal>icmp_types</literal> to a list of
|
||||
those packet types. Type <command>more
|
||||
/usr/src/contrib/pf/pfctl/pfctl_parser.c</command> to see
|
||||
/usr/src/sbin/pfctl/pfctl_parser.c</command> to see
|
||||
the list of <acronym>ICMP</acronym> message types supported
|
||||
by <application>PF</application>. Refer to <link
|
||||
xlink:href="http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml">http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml</link>
|
||||
|
@ -1417,7 +1417,7 @@ rdr pass on $ext_if inet proto tcp from !<spamd-white> to \
|
|||
|
||||
<para>When finished, reload the ruleset, start
|
||||
<application>spamd</application> by typing
|
||||
<command>service start obspamd</command>, and complete
|
||||
<command>service obspamd start</command>, and complete
|
||||
the configuration using <command>spamd-setup</command>.
|
||||
Finally, create a &man.cron.8; job which calls
|
||||
<command>spamd-setup</command> to update the tables at
|
||||
|
@ -1472,8 +1472,8 @@ rdr pass on $ext_if inet proto tcp from !<spamd-white> to \
|
|||
<step>
|
||||
<para>To complete the greylisting setup:</para>
|
||||
|
||||
<programlisting>&prompt.root; <userinput>service restart obspamd</userinput>
|
||||
&prompt.root; <userinput>service start spamlogd</userinput></programlisting>
|
||||
<programlisting>&prompt.root; <userinput>service obspamd restart</userinput>
|
||||
&prompt.root; <userinput>service obspamlogd start</userinput></programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
|
||||
|
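Review bot: The second command in the greylisting step changes the service name as well as the argument order, from "service start spamlogd" to "service obspamlogd start", but the commit message only says "Fix a few service commands". Please state the rename in the log, and check that the parts of this section not shown in the hunk (any rc.conf variables or prose that mention spamlogd) use the same obspamlogd name, so a reader following the procedure does not end up with the logging daemon not running.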
@ -2164,7 +2164,7 @@ pif="dc0" # interface name of NIC attached to Internet</programlisting>
|
|||
<acronym>LAN</acronym> should be assigned an
|
||||
<acronym>IP</acronym> address in the private network space, as
|
||||
defined by <link
|
||||
xlink:href="ftp://ftp.isi.edu/in-notes/rfc1918.txt">RFC
|
||||
xlink:href="https://www.ietf.org/rfc/rfc1918.txt">RFC
|
||||
1918</link>, and have the default gateway set to the
|
||||
&man.natd.8; system's internal <acronym>IP</acronym>
|
||||
address.</para>
|
||||
|
@ -2365,7 +2365,7 @@ good_tcpo="22,25,37,53,80,443,110"</programlisting>
|
|||
configuration file.</para>
|
||||
|
||||
<para>For further configuration options, consult
|
||||
&man.natd.8;</para>
|
||||
&man.natd.8;.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
|
|