- Whitespace cleanup which changes rendered output. Should not be
  ignored by translators.
- Fix some English grammar.
- Add missing punctuation.

Submitted by:	Siebrand Mazeland <s.mazeland@xs4all.nl>
Simon L. B. Nielsen 2005-03-04 23:21:07 +00:00
parent 5daadaaa0e
commit 88e11abb3d
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=23996

@ -610,8 +610,7 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlist
command to replace in mass the currently running firewall
internal rules:</para>
<screen>&prompt.root; <userinput>ipf -Fa -f /etc/ipf.rules</userinput>
</screen>
<screen>&prompt.root; <userinput>ipf -Fa -f /etc/ipf.rules</userinput></screen>
<para><option>-Fa</option> means flush all internal rules
tables.</para>
@ -956,8 +955,7 @@ EOF
named <filename>/etc/ipf.rules.script</filename>, you could
reload these rules by entering the following command:</para>
<screen>&prompt.root; <userinput>sh /etc/ipf.rules.script</userinput>
</screen>
<screen>&prompt.root; <userinput>sh /etc/ipf.rules.script</userinput></screen>
<para>There is one problem with using a rules file with embedded
symbolics: IPF does not understand symbolic substitution, and
@ -1656,8 +1654,7 @@ pass in quick on dc0 proto tcp from any to any port = 22 flags S keep state
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on dc0 all
################### End of rules file #####################################
</programlisting>
################### End of rules file #####################################</programlisting>
</sect2>
<sect2>
@ -2134,7 +2131,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
<para>The loadable module does have logging ability
compiled in. To enable logging and set the verbose logging
limit, there is a knob you can set in
<filename>/etc/sysctl.conf</filename> by adding this
<filename>/etc/sysctl.conf</filename> by adding these
statements, logging will be enabled on future reboots:</para>
<programlisting>net.inet.ip.fw.verbose=1
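Review bot: The reworded sentence in this para is still a comma splice, and "a knob" (singular) now conflicts with "these statements": "there is a knob you can set in /etc/sysctl.conf by adding these statements, logging will be enabled on future reboots". Suggest splitting it into two sentences, for example "To enable logging and set the verbose logging limit, add these statements to /etc/sysctl.conf. Logging will then be enabled on future reboots:".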
@ -2314,7 +2311,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
<screen>&prompt.root; <userinput>ipfw zero</userinput></screen>
<para>Zero the counters for just rule
<replaceable>NUM</replaceable> :</para>
<replaceable>NUM</replaceable>:</para>
<screen>&prompt.root; <userinput>ipfw zero NUM</userinput></screen>
</sect2>
@ -2711,8 +2708,7 @@ ks="keep-state" # just too lazy to key this each time
<filename>/etc/ipfw.rules</filename> file, you could reload
these rules by entering on the command line.</para>
<screen>&prompt.root; <userinput>sh /etc/ipfw.rules</userinput>
</screen>
<screen>&prompt.root; <userinput>sh /etc/ipfw.rules</userinput></screen>
<para>The <filename>/etc/ipfw.rules</filename> file could be
located anywhere you want and the file could be named any
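Review bot: The context sentence directly above the changed screen element, "these rules by entering on the command line.", has no object for "entering" and ends in a period right before the command it introduces. The matching IPF paragraph earlier in this patch reads "by entering the following command:"; the same wording and colon here would keep the two sections consistent and fits a commit that adds missing punctuation.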
@ -2733,7 +2729,7 @@ ks="keep-state" # just too lazy to key this each time
<sect3>
<title>Stateful Ruleset</title>
<para>The following non-<acronym>NAT</acronym>ed rule set is a
<para>The following non-<acronym>NAT</acronym>ed rule set is an
example of how to code a very secure 'inclusive' type of
firewall. An inclusive firewall only allows services
matching pass rules through and blocks all other by default.
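Review bot: The paragraph that receives the a/an fix still contains "blocks all other by default", which should read "blocks all others by default" or "blocks everything else by default". While this line is being touched, the straight single quotes around 'inclusive' could become a DocBook quote element so the rendered output gets proper quotation marks.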
@ -2854,7 +2850,7 @@ ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
pif="dc0" # public interface name of NIC
# facing the public Internet
# facing the public Internet
#################################################################
# No restrictions on Inside LAN Interface for private network
@ -2994,8 +2990,7 @@ pif="dc0" # public interface name of NIC
# Everything else is denied by default
# deny and log all packets that fell through to see what they are
&dollar;cmd 00999 deny log all from any to any
################ End of IPFW rules file ###############################
</programlisting>
################ End of IPFW rules file ###############################</programlisting>
</sect3>
<sect3>
@ -3090,7 +3085,7 @@ natd_flags="-dynamic -m" # -m = preserve port numbers if possible</pr
packet matches rule 100 and its IP address is mapped to LAN
IP for the firewall box. The packet is them matched against
all the nasty things we want to check for and finally matches
against rule 425. On a match two things occur The packet
against rule 425. On a match two things occur. The packet
rule is posted to the keep-state dynamic table but this time
any new session requests originating from that source IP
address is limited to 2. This defends against DoS attacks of
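Review bot: Two errors remain in the context lines around the added period: "The packet is them matched" should be "then matched", and "any new session requests originating from that source IP address is limited to 2" needs "are limited". Since "On a match two things occur" introduces a list of what follows, a colon may read better there than the period this hunk adds.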
@ -3148,8 +3143,7 @@ ipfw -q -f flush
&dollar;cmd 500 divert natd ip from any to any out via &dollar;pif
&dollar;cmd 510 allow ip from any to any
######################## end of rules ##################
</programlisting>
######################## end of rules ##################</programlisting>
<para>The following is pretty much the same as above, but uses
a self documenting coding style full of description comments