Whitespace commit and slight word change: s/rule(base|set)/rule $1/g
PR: docs/48366 Approved by: ceri
This commit is contained in:
Sean Chittenden
parent
2bd73cd1f8
commit
7a62acf736
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=16030
1 changed files with 8 additions and 8 deletions
|
|
@ -163,7 +163,7 @@ ppp_mode="auto"
|
|||
ppp_nat="YES"
|
||||
ppp_profile="<replaceable>profile</replaceable>"</programlisting>
|
||||
|
||||
<para>If so, you will need to specifically disable
|
||||
<para>If so, you will need to specifically disable
|
||||
<literal>ppp_nat</literal> by making sure you have
|
||||
<literal>ppp_nat="NO"</literal> in <filename>/etc/rc.conf</filename>. You will
|
||||
also need to remove any <literal>nat enable yes</literal> or
|
||||
|
|
@ -172,15 +172,15 @@ ppp_profile="<replaceable>profile</replaceable>"</programlisting>
|
|||
</sect1>
|
||||
|
||||
<sect1 id="rules">
|
||||
<title>The ruleset for the firewall</title>
|
||||
<title>The rule set for the firewall</title>
|
||||
|
||||
<para>We are nearly done now. All that remains now is to define
|
||||
the firewall rules and then we can reboot and the firewall
|
||||
should be up and running. I realize that everyone will want
|
||||
something slightly different when it comes to their rulebase.
|
||||
What I have tried to do is write a rulebase that suits most dialup
|
||||
something slightly different when it comes to their rule base.
|
||||
What I have tried to do is write a rule base that suits most dialup
|
||||
users. You can obviously modify it to your needs by using the
|
||||
following rules as the foundation for your own rulebase. First,
|
||||
following rules as the foundation for your own rule base. First,
|
||||
let's start with the basics of closed firewalling. What you
|
||||
want to do is deny everything by default and then only open up
|
||||
for the things you really need. Rules should be in the order of
|
||||
|
|
@ -253,7 +253,7 @@ $fwcmd add deny log ip from any to any</programlisting>
|
|||
you could be using the built in &man.ppp.8;
|
||||
filters?</para>
|
||||
</question>
|
||||
|
||||
|
||||
<answer>
|
||||
<para>I will have to be honest and say there is no definitive
|
||||
reason why I use <command>ipfw</command> and
|
||||
|
|
@ -322,7 +322,7 @@ $fwcmd add deny log ip from any to any</programlisting>
|
|||
|
||||
<answer>
|
||||
<para>This tutorial assumes that you are running
|
||||
<emphasis>userland-ppp</emphasis>, therefore the supplied ruleset
|
||||
<emphasis>userland-ppp</emphasis>, therefore the supplied rule set
|
||||
operates on the <devicename>tun0</devicename> interface, which
|
||||
corresponds to the first connection made with &man.ppp.8; (a.k.a.
|
||||
<emphasis>user-ppp</emphasis>). Additional connections would use
|
||||
|
|
@ -335,7 +335,7 @@ $fwcmd add deny log ip from any to any</programlisting>
|
|||
<devicename>tun0</devicename> for
|
||||
<devicename>ppp0</devicename>. A quick way to edit the
|
||||
firewall rules to reflect this change is shown below. The
|
||||
original ruleset is backed up as
|
||||
original rules et is backed up as
|
||||
<filename>fwrules_tun0</filename>.</para>
|
||||
|
||||
<screen> &prompt.user; <userinput>cd /etc/firewall</userinput>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue