- Remove contractions.
- Use the serial comma.
- Correct spelling.

PR: docs/74720
Submitted by: Joel Dahl <joel@automatvapen.se>
parent
0028638599
commit
1ba2385f57
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=23195
1 changed files with 11 additions and 11 deletions
|
@ -39,11 +39,11 @@
|
||||||
network connections and either allows the traffic through or
|
network connections and either allows the traffic through or
|
||||||
blocks it. The rules of the firewall can inspect one or more
|
blocks it. The rules of the firewall can inspect one or more
|
||||||
characteristics of the packets, including but not limited to the
|
characteristics of the packets, including but not limited to the
|
||||||
protocol type, the source or destination host address and the
|
protocol type, the source or destination host address, and the
|
||||||
source or destination port.</para>
|
source or destination port.</para>
|
||||||
|
|
||||||
<para>Firewalls greatly enhance the security of your network, your
|
<para>Firewalls greatly enhance the security of your network, your
|
||||||
applications and services. They can be used to do one of more of
|
applications and services. They can be used to do one or more of
|
||||||
the following things:</para>
|
the following things:</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
|
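Review bot: the unchanged context line "the security of your network, your applications and services" still lacks the serial comma that this commit adds to "host address, and the" in the paragraph above it. Suggest "your network, your applications, and services" so the two paragraphs follow the same rule.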
@ -197,7 +197,7 @@
|
||||||
<para>The author prefers IPFILTER because its stateful rules are
|
<para>The author prefers IPFILTER because its stateful rules are
|
||||||
much less complicated to use in a <acronym>NAT</acronym>
|
much less complicated to use in a <acronym>NAT</acronym>
|
||||||
environment and it has a built in ftp proxy that simplifies the
|
environment and it has a built in ftp proxy that simplifies the
|
||||||
rules to allow secure outbound FTP usage. If is also more
|
rules to allow secure outbound FTP usage. It is also more
|
||||||
appropriate to the knowledge level of the inexperienced firewall
|
appropriate to the knowledge level of the inexperienced firewall
|
||||||
user.</para>
|
user.</para>
|
||||||
|
|
||||||
|
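Review bot: the sentence corrected here still reads "a built in ftp proxy" on the line above the change, with "built in" unhyphenated and "ftp" in lower case although the same sentence ends with "outbound FTP usage". Suggest "built-in FTP proxy", ideally with FTP wrapped in <acronym> the way NAT is two lines earlier.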
@ -567,7 +567,7 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlist
|
||||||
log and adds the log keyword to those rules. Normally only
|
log and adds the log keyword to those rules. Normally only
|
||||||
deny rules are logged.</para>
|
deny rules are logged.</para>
|
||||||
|
|
||||||
<para>Its very customary to include a default deny everything
|
<para>It is very customary to include a default deny everything
|
||||||
rule with the log keyword included as your last rule in the
|
rule with the log keyword included as your last rule in the
|
||||||
rule set. This way you get to see all the packets that did not
|
rule set. This way you get to see all the packets that did not
|
||||||
match any of the rules in the rule set.</para>
|
match any of the rules in the rule set.</para>
|
||||||
|
@ -750,8 +750,8 @@ EOF
|
||||||
<para>That is all there is to it. The rules are not important in
|
<para>That is all there is to it. The rules are not important in
|
||||||
this example, how the Symbolic substitution field are populated
|
this example, how the Symbolic substitution field are populated
|
||||||
and used are. If the above example was in /etc/ipf.rules.script
|
and used are. If the above example was in /etc/ipf.rules.script
|
||||||
file, you could reload these rules by entering on the command
|
file, you could reload these rules by entering this on the command
|
||||||
line.</para>
|
line:</para>
|
||||||
|
|
||||||
<programlisting><command>sh /etc/ipf.rules.script</command>
|
<programlisting><command>sh /etc/ipf.rules.script</command>
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
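Review bot: the sentence directly above the changed lines, "The rules are not important in this example, how the Symbolic substitution field are populated and used are", is left as a comma splice with a singular "field" taking "are". Since the paragraph is being edited anyway, suggest "The rules are not important in this example; how the symbolic substitution fields are populated and used is." The path /etc/ipf.rules.script in the same sentence could also be wrapped in <filename>, as /etc/ipfw.rules is in the last hunk.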
@ -949,7 +949,7 @@ sh /etc/ipf.rules.script</programlisting>
|
||||||
<title>SELECTION</title>
|
<title>SELECTION</title>
|
||||||
<para>The keywords described in this section are used to
|
<para>The keywords described in this section are used to
|
||||||
describe attributes of the packet to be interrogated when
|
describe attributes of the packet to be interrogated when
|
||||||
determining whether rules match or don't match. There is a
|
determining whether rules match or not. There is a
|
||||||
keyword subject, and it has sub-option keywords, one of
|
keyword subject, and it has sub-option keywords, one of
|
||||||
which has to be selected. The following general-purpose
|
which has to be selected. The following general-purpose
|
||||||
attributes are provided for matching, and must be used in
|
attributes are provided for matching, and must be used in
|
||||||
|
@ -1843,7 +1843,7 @@ options IPV6FIREWALL_VERBOSE_LIMIT
|
||||||
options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
||||||
|
|
||||||
<para>These options are exactly the same as the IPv4 options but
|
<para>These options are exactly the same as the IPv4 options but
|
||||||
they are for IPv6. If you don't use IPv6 you might want to use
|
they are for IPv6. If you do not use IPv6 you might want to use
|
||||||
IPV6FIREWALL without any rules to block all IPv6</para>
|
IPV6FIREWALL without any rules to block all IPv6</para>
|
||||||
|
|
||||||
<programlisting>options IPDIVERT</programlisting>
|
<programlisting>options IPDIVERT</programlisting>
|
||||||
|
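Review bot: the advice in the changed sentence, using IPV6FIREWALL without any rules to block all IPv6, only holds when IPV6FIREWALL_DEFAULT_TO_ACCEPT from the listing directly above is left out of the kernel configuration, and the paragraph does not say so. Suggest stating that dependency explicitly. The sentence also needs a comma after "If you do not use IPv6" and a full stop before </para>.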
@ -1852,7 +1852,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
||||||
functionality.</para>
|
functionality.</para>
|
||||||
|
|
||||||
<note>
|
<note>
|
||||||
<para>If you don't include IPFIREWALL_DEFAULT_TO_ACCEPT or set
|
<para>If you do not include IPFIREWALL_DEFAULT_TO_ACCEPT or set
|
||||||
your rules to allow incoming packets you will block all
|
your rules to allow incoming packets you will block all
|
||||||
packets going to and from this machine.</para>
|
packets going to and from this machine.</para>
|
||||||
</note>
|
</note>
|
||||||
|
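Review bot: in the <note>, the condition mentions only rules that "allow incoming packets" while the stated consequence is blocking "all packets going to and from this machine", so the reader cannot tell whether outbound rules are needed as well. Suggest wording the condition to cover both directions, for example "or set your rules to allow the traffic you need", and adding a comma before "you will block".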
@ -2067,7 +2067,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
||||||
|
|
||||||
<para>The keywords described in this section are used to
|
<para>The keywords described in this section are used to
|
||||||
describe attributes of the packet to be interrogated when
|
describe attributes of the packet to be interrogated when
|
||||||
determining whether rules match or don't match the packet.
|
determining whether rules match the packet or not.
|
||||||
The following general-purpose attributes are provided for
|
The following general-purpose attributes are provided for
|
||||||
matching, and must be used in this order:</para>
|
matching, and must be used in this order:</para>
|
||||||
|
|
||||||
|
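Review bot: this paragraph now ends "whether rules match the packet or not", while the matching sentence in the @ -949 hunk was changed to "whether rules match or not". Suggest one wording in both sections, preferably the fuller "match the packet or not".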
@ -2277,7 +2277,7 @@ ks="keep-state" # just too lazy to key this each time
|
||||||
</programlisting>
|
</programlisting>
|
||||||
|
|
||||||
<para>The <filename>/etc/ipfw.rules</filename> file could be
|
<para>The <filename>/etc/ipfw.rules</filename> file could be
|
||||||
located any where you want and the file could be named any
|
located anywhere you want and the file could be named any
|
||||||
thing you would like.</para>
|
thing you would like.</para>
|
||||||
|
|
||||||
<para>The same thing could also be accomplished by running
|
<para>The same thing could also be accomplished by running
|
||||||
|
|
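Review bot: "any where" is joined into "anywhere", but the same sentence still has "any thing" split across the next two lines ("named any" / "thing you would like"). Suggest "the file could be named anything you would like", with a comma before "and the file".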