Add id attributes to sections, and remove one static reference ('see
the blah blah section') to an xref, which will automatically be updated should the section name change or be moved.
parent
9ed12089ab
commit
a600fdcb90
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=23123
1 changed files with 16 additions and 17 deletions
|
@ -2972,7 +2972,7 @@ jdoe@example.org</screen>
|
|||
<primary>security</primary>
|
||||
<secondary>firewalls</secondary>
|
||||
</indexterm>
|
||||
<sect2>
|
||||
<sect2 id="firewalls-intro">
|
||||
<title>Introduction</title>
|
||||
<para>All software-based firewalls provide some way to filter
|
||||
incoming and outgoing traffic that flows through your system.
|
||||
|
@ -3010,7 +3010,7 @@ jdoe@example.org</screen>
|
|||
</itemizedlist>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<sect2 id="firewalls-rulesets">
|
||||
<title>Firewall Rule Set Types</title>
|
||||
<para>Constructing a software application firewall rule set may
|
||||
seem to be trivial, but most people get it wrong. The most
|
||||
|
@ -3055,7 +3055,7 @@ jdoe@example.org</screen>
|
|||
of attack.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<sect2 id="firewalls-apps">
|
||||
<title>Firewall Software Applications</title>
|
||||
<para>&os; has two different firewall software products built
|
||||
into the base system. They are IPFILTER (i.e. also known as IPF)
|
||||
|
@ -3107,7 +3107,7 @@ jdoe@example.org</screen>
|
|||
<ulink url="http://www.ipprimer.com/overview.cfm"></ulink>.</para>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<sect2 id="firewalls-pf">
|
||||
<title>The Packet Filter Firewall</title>
|
||||
|
||||
<para>As of July 2003 the OpenBSD firewall software application
|
||||
|
@ -3202,7 +3202,7 @@ pflog_flags="" # additional flags for pflogd startup</programli
|
|||
</sect3>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<sect2 id="firewalls-ipf">
|
||||
<title>The IPFILTER (IPF) Firewall</title>
|
||||
<para>The author of IPFILTER is Darren Reed. IPFILTER is not
|
||||
operating system dependent. IPFILTER is a open source
|
||||
|
@ -3351,9 +3351,8 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlist
|
|||
script with symbolic substitution.</para>
|
||||
|
||||
<para>There is a way to build IPF rules that utilities the power of
|
||||
script symbolic substitution. See the Building Rule Script
|
||||
section.</para>
|
||||
|
||||
script symbolic substitution. For more information, see <xref
|
||||
linkend="firewalls-ipfw-rules-script">.</para>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
|
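Review bot: The new xref in the paragraph about building IPF rules points at firewalls-ipfw-rules-script, the id that the last hunk of this commit gives to the IPFW "Building a Rule Script" section, so a reader of the IPFILTER section is sent to IPFW-specific instructions. The context line just above ("script with symbolic substitution.</para>") suggests the IPF section has its own script material; if it does, give that section an id and link to it instead, or state in the sentence that the linked section describes IPFW. While this paragraph is being touched, "utilities the power of" should read "utilizes the power of", and the unchanged <sect3> that follows still has no id although the IPFW sect3 elements receive one in this commit.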
@ -4610,7 +4609,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
|
|||
</sect3>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<sect2 id="firewalls-ipfw">
|
||||
<title>IPFW</title>
|
||||
<para>The IPFIREWALL (IPFW) is a &os; sponsored firewall
|
||||
software application authored and maintained by &os;
|
||||
|
@ -4637,7 +4636,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
|
|||
'fwd rule' forward facility, the bridge facility, and the
|
||||
ipstealth facility.</para>
|
||||
|
||||
<sect3>
|
||||
<sect3 id="firewalls-ipfw-enable">
|
||||
<title>Enabling IPFW</title>
|
||||
<para>IPFW is included in the basic &os; install as a
|
||||
separate run time loadable module. IPFW will dynamically load
|
||||
|
@ -4666,7 +4665,7 @@ enabled, default to deny, logging disabled</screen>
|
|||
<programlisting>net.inet.ip.fw.verbose_limit=5</programlisting>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<sect3 id="firewalls-ipfw-kernel">
|
||||
<title>Kernel Options</title>
|
||||
<para>It is not a mandatory requirement that you enable IPFW by
|
||||
compiling the following options into the &os; kernel unless
|
||||
|
@ -4718,7 +4717,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
|||
</note>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<sect3 id="firewalls-ipfw-rc">
|
||||
<title><filename>/etc/rc.conf</filename> Options</title>
|
||||
<para>If you do not have IPFW compiled into your kernel you will
|
||||
need to load it with the following statement in your
|
||||
|
@ -4735,7 +4734,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
|||
<programlisting>firewall_logging="YES"</programlisting>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<sect3 id="firewalls-ipfw-cmd">
|
||||
<title>The IPFW Command</title>
|
||||
<para>The ipfw command is the normal vehicle for making manual
|
||||
single rule additions or deletions to the firewall active
|
||||
|
@ -4791,7 +4790,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
|||
<programlisting><command>ipfw zero NUM</command></programlisting>
|
||||
</sect3>
|
||||
|
||||
<sect3>
|
||||
<sect3 id="firewalls-ipfw-rules">
|
||||
<title>IPFW Rule Sets</title>
|
||||
<para>A rule set is a group of ipfw rules coded to allow or deny
|
||||
packets based on the values contained in the packet. The
|
||||
|
@ -4835,7 +4834,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
|||
careful, you can end up locking your self out.</para>
|
||||
</warning>
|
||||
|
||||
<sect4>
|
||||
<sect4 id="firewalls-ipfw-rules-syntax">
|
||||
<title>Rule Syntax</title>
|
||||
<para>The rule syntax presented here has been simplified to
|
||||
what is necessary to create a standard inclusive type
|
||||
|
@ -5078,8 +5077,8 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
|||
</para>
|
||||
</sect4>
|
||||
|
||||
<sect4>
|
||||
<title>Building Rule Script</title>
|
||||
<sect4 id="firewalls-ipfw-rules-script">
|
||||
<title>Building a Rule Script</title>
|
||||
<para>Most experienced IPFW users create a file containing the
|
||||
rules and code them in a manner compatible with running them
|
||||
as a script. The major benefit of doing this is the firewall
|
||||
|
|
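Review bot: The title change from "Building Rule Script" to "Building a Rule Script" in this hunk is not mentioned in the commit message, which only covers the id attributes and the xref. Mention the rename in the message, and check that no other prose still refers to the section by its old title, since only one such static reference was converted to an xref here.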