From a600fdcb90f256bfc07ec6d7022af3cb08b2465e Mon Sep 17 00:00:00 2001 From: Murray Stokely Date: Sat, 4 Dec 2004 22:17:07 +0000 Subject: [PATCH] Add id attributes to sections, and remove one static reference ('see the blah blah section') to an xref, which will automatically be updated should the section name change or be moved. --- .../books/handbook/security/chapter.sgml | 33 +++++++++---------- 1 file changed, 16 insertions(+), 17 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml index 81b67412e7..cd199d79df 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml @@ -2972,7 +2972,7 @@ jdoe@example.org security firewalls - + Introduction All software-based firewalls provide some way to filter incoming and outgoing traffic that flows through your system. @@ -3010,7 +3010,7 @@ jdoe@example.org - + Firewall Rule Set Types Constructing a software application firewall rule set may seem to be trivial, but most people get it wrong. The most @@ -3055,7 +3055,7 @@ jdoe@example.org of attack. - + Firewall Software Applications &os; has two different firewall software products built into the base system. They are IPFILTER (i.e. also known as IPF) @@ -3107,7 +3107,7 @@ jdoe@example.org . - + The Packet Filter Firewall As of July 2003 the OpenBSD firewall software application @@ -3202,7 +3202,7 @@ pflog_flags="" # additional flags for pflogd startup - + The IPFILTER (IPF) Firewall The author of IPFILTER is Darren Reed. IPFILTER is not operating system dependent. IPFILTER is a open source @@ -3351,9 +3351,8 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat There is a way to build IPF rules that utilities the power of - script symbolic substitution. See the Building Rule Script - section. - + script symbolic substitution. For more information, see . 
@@ -4610,7 +4609,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state - + IPFW The IPFIREWALL (IPFW) is a &os; sponsored firewall software application authored and maintained by &os; @@ -4637,7 +4636,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state - + Enabling IPFW IPFW is included in the basic &os; install as a separate run time loadable module. IPFW will dynamically load @@ -4666,7 +4665,7 @@ enabled, default to deny, logging disabled net.inet.ip.fw.verbose_limit=5 - + Kernel Options It is not a mandatory requirement that you enable IPFW by compiling the following options into the &os; kernel unless @@ -4718,7 +4717,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT - + <filename>/etc/rc.conf</filename> Options If you do not have IPFW compiled into your kernel you will need to load it with the following statement in your @@ -4735,7 +4734,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT firewall_logging="YES" - + The IPFW Command The ipfw command is the normal vehicle for making manual single rule additions or deletions to the firewall active @@ -4791,7 +4790,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT ipfw zero NUM - + IPFW Rule Sets A rule set is a group of ipfw rules coded to allow or deny packets based on the values contained in the packet. The @@ -4835,7 +4834,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT careful, you can end up locking your self out. - + Rule Syntax The rule syntax presented here has been simplified to what is necessary to create a standard inclusive type @@ -5078,8 +5077,8 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT - - Building Rule Script + + Building a Rule Script Most experienced IPFW users create a file containing the rules and code them in a manner compatible with running them as a script. The major benefit of doing this is the firewall
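Review bot: in the hunk at -3351,9 the new "For more information, see" cross-reference sits in a sentence about building IPF rules, but the only rule-script section visible in this patch ("Building a Rule Script", last hunk) is in the IPFW text ("Most experienced IPFW users create a file"). Please confirm the xref resolves to the IPF rule-script section and not the IPFW one, since a reader following it from the IPF chapter would otherwise land on ipfw syntax. While this paragraph is being touched, the unchanged sentence just above the change still reads "rules that utilities the power of"; "utilities" should be "utilizes".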
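Review bot: the last hunk (-5078,8) also retitles the section from "Building Rule Script" to "Building a Rule Script", which the commit message does not mention; it describes only the id attributes and the xref replacement. Suggest adding the retitle to the message or committing it separately, and checking the rest of the chapter for any remaining static text that uses the old title, since the reference removed at -3351 used exactly that wording.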