In firewalls section:

- Use of inline elements instead of block elements where needed - Some tags changes for consitency - Add missing options word This should give a better output. (It's a 1st pass, more things need to be fixed)
svn path=/head/; revision=22655
2004-10-24 09:10:22 +00:00 · 2004-10-24 09:10:22 +00:00 · 7ceb8be186 · 2020-12-08 03:00:23 +00:00
commit 7ceb8be186
parent 60e5428835
1 changed files with 15 additions and 17 deletions
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@ -3133,7 +3133,7 @@ jdoe@example.org</screen>
      <para>PF is included in the basic &os; install for versions newer than
        5.3 as a separate run time loadable module. PF will dynamically load
 	        its kernel loadable module when the rc.conf statement
-        <programlisting>pf_enable="YES"</programlisting> is used. The
+        <literal>pf_enable="YES"</literal> is used. The
        loadable module was created with &man.pflog.4; logging
        enabled.</para>
    </sect3>
@ -3149,9 +3149,9 @@ jdoe@example.org</screen>
        <filename>/usr/src/sys/conf/NOTES</filename> kernel source and are
        reproduced here.</para>

-      <screen>device pf
+      <programlisting>device pf
 device pflog
-device pfsync</screen>
+device pfsync</programlisting>

      <para><literal>device pf</literal> tells the compile to include
        Packet Filter as part of its core kernel.</para>
@ -3251,8 +3251,8 @@ pflog_flags=""                  # additional flags for pflogd startup</programli
      <title>Enabling IPF</title>
      <para>IPF is included in the basic &os; install as a separate
        run time loadable module. IPF will dynamically load its kernel
-        loadable module when the rc.conf statement <programlisting>
-        ipfilter_enable="YES"</programlisting> is used. The loadable
+        loadable module when the rc.conf statement <literal>
+        ipfilter_enable="YES"</literal> is used. The loadable
        module was created with logging enabled and the <quote>default
        pass all</quote> options. You do not need to compile IPF into
        the &os; kernel just to change the default to <quote>block all
@ -3276,15 +3276,15 @@ pflog_flags=""                  # additional flags for pflogd startup</programli
 options IPFILTER_LOG
 options IPFILTER_DEFAULT_BLOCK</screen>

-      <para><programlisting>IPFILTER</programlisting> tells the compile
+      <para><literal>options IPFILTER</literal> tells the compile
        to include IPFILTER as part of its core kernel.</para>

-      <para><programlisting>IPFILTER_LOG</programlisting> enables the
+      <para><literal>options IPFILTER_LOG</literal> enables the
        option to have IPF log traffic by writing to the ipl packet
        logging psuedo&mdash;device for every rule that has the <quote>log
        </quote> keyword.</para>

-      <para><programlisting>IPFILTER_DEFAULT_BLOCK</programlisting>
+      <para><literal>options IPFILTER_DEFAULT_BLOCK</literal>
        changes the default behavior so any packet not matching a
        firewall <quote>pass</quote> rule gets blocked.</para>

@ -3297,22 +3297,20 @@ options IPFILTER_DEFAULT_BLOCK</screen>
      <para>You need the follow statements in <filename>/etc/rc.conf
        </filename> to activate IPF at boot time.</para>

-      <programlisting>ipfilter_enable="YES"             # Start ipf firewall</programlisting>
-      <programlisting>ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file
-        </programlisting>
-      <programlisting>ipmon_enable="YES"                # Start IP monitor log
-        </programlisting>
-      <screen>ipmon_flags="&mdash;Ds"                 # D = start as daemon
+      <programlisting>ipfilter_enable="YES"             # Start ipf firewall
+ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file
+ipmon_enable="YES"                # Start IP monitor log
+ipmon_flags="&mdash;Ds"                # D = start as daemon
                                  # s = log to syslog
                                  # v = log tcp window, ack, seq
-                                  # n = map IP & port to names</screen>
+                                  # n = map IP & port to names</programlisting>
      <para>If you have a LAN behind this firewall that uses the
        reserved private IP address ranges, then you need to add the
  following to enable <acronym>NAT</acronym> function.</para>

-      <screen>gateway_enable="YES"              # Enable as Lan gateway
+      <programlisting>gateway_enable="YES"              # Enable as Lan gateway
 ipnat_enable="YES"                # Start ipnat function
-ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat</screen>
+ipnat_rules="/etc/ipnat.rules"    # rules definition file for ipnat</programlisting>

     </sect3>