diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
index 6c3be8d82d..fc4663c99b 100644
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
@@ -39,11 +39,11 @@
network connections and either allows the traffic through or
blocks it. The rules of the firewall can inspect one or more
characteristics of the packets, including but not limited to the
- protocol type, the source or destination host address and the
+ protocol type, the source or destination host address, and the
source or destination port.
Firewalls greatly enhance the security of your network, your
- applications and services. They can be used to do one of more of
+ applications and services. They can be used to do one or more of
the following things:
@@ -197,7 +197,7 @@
The author prefers IPFILTER because its stateful rules are
much less complicated to use in a NAT
environment and it has a built in ftp proxy that simplifies the
- rules to allow secure outbound FTP usage. If is also more
+ rules to allow secure outbound FTP usage. It is also more
appropriate to the knowledge level of the inexperienced firewall
user.
@@ -567,7 +567,7 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
- Its very customary to include a default deny everything
+ It is very customary to include a default deny everything
rule with the log keyword included as your last rule in the
rule set. This way you get to see all the packets that did not
match any of the rules in the rule set.
@@ -750,8 +750,8 @@ EOF
That is all there is to it. The rules are not important in
this example, how the Symbolic substitution field are populated
and used are. If the above example was in /etc/ipf.rules.script
- file, you could reload these rules by entering on the command
- line.
+ file, you could reload these rules by entering this on the command
+ line:
sh /etc/ipf.rules.script
@@ -949,7 +949,7 @@ sh /etc/ipf.rules.script
SELECTION
The keywords described in this section are used to
describe attributes of the packet to be interrogated when
- determining whether rules match or don't match. There is a
+ determining whether rules match or not. There is a
keyword subject, and it has sub-option keywords, one of
which has to be selected. The following general-purpose
attributes are provided for matching, and must be used in
@@ -1843,7 +1843,7 @@ options IPV6FIREWALL_VERBOSE_LIMIT
options IPV6FIREWALL_DEFAULT_TO_ACCEPT
These options are exactly the same as the IPv4 options but
- they are for IPv6. If you don't use IPv6 you might want to use
+ they are for IPv6. If you do not use IPv6 you might want to use
IPV6FIREWALL without any rules to block all IPv6
options IPDIVERT
@@ -1852,7 +1852,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT
functionality.
- If you don't include IPFIREWALL_DEFAULT_TO_ACCEPT or set
+ If you do not include IPFIREWALL_DEFAULT_TO_ACCEPT or set
your rules to allow incoming packets you will block all
packets going to and from this machine.
@@ -2067,7 +2067,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT
The keywords described in this section are used to
describe attributes of the packet to be interrogated when
- determining whether rules match or don't match the packet.
+ determining whether rules match the packet or not.
The following general-purpose attributes are provided for
matching, and must be used in this order:
@@ -2277,7 +2277,7 @@ ks="keep-state" # just too lazy to key this each time
The /etc/ipfw.rules file could be
- located any where you want and the file could be named any
+ located anywhere you want and the file could be named any
thing you would like.
The same thing could also be accomplished by running