os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add id attributes to sections, and remove one static reference ('see

Browse source 
the blah blah section') to an xref, which will automatically be
updated should the section name change or be moved.
This commit is contained in:
Murray Stokely 2004-12-04 22:17:07 +00:00
parent 9ed12089ab
commit a600fdcb90
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=23123
1 changed files with 16 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -2972,7 +2972,7 @@ jdoe@example.org</screen>
<primary>security</primary> <primary>security</primary>
<secondary>firewalls</secondary> <secondary>firewalls</secondary>
</indexterm> </indexterm>
<sect2> <sect2 id="firewalls-intro">
<title>Introduction</title> <title>Introduction</title>
<para>All software-based firewalls provide some way to filter <para>All software-based firewalls provide some way to filter
incoming and outgoing traffic that flows through your system. incoming and outgoing traffic that flows through your system.
@ -3010,7 +3010,7 @@ jdoe@example.org</screen>
</itemizedlist> </itemizedlist>
</sect2> </sect2>
<sect2> <sect2 id="firewalls-rulesets">
<title>Firewall Rule Set Types</title> <title>Firewall Rule Set Types</title>
<para>Constructing a software application firewall rule set may <para>Constructing a software application firewall rule set may
seem to be trivial, but most people get it wrong. The most seem to be trivial, but most people get it wrong. The most
@ -3055,7 +3055,7 @@ jdoe@example.org</screen>
of attack.</para> of attack.</para>
</sect2> </sect2>
<sect2> <sect2 id="firewalls-apps">
<title>Firewall Software Applications</title> <title>Firewall Software Applications</title>
<para>&os; has two different firewall software products built <para>&os; has two different firewall software products built
into the base system. They are IPFILTER (i.e. also known as IPF) into the base system. They are IPFILTER (i.e. also known as IPF)
@ -3107,7 +3107,7 @@ jdoe@example.org</screen>
<ulink url="http://www.ipprimer.com/overview.cfm"></ulink>.</para> <ulink url="http://www.ipprimer.com/overview.cfm"></ulink>.</para>
</sect2> </sect2>
<sect2> <sect2 id="firewalls-pf">
<title>The Packet Filter Firewall</title> <title>The Packet Filter Firewall</title>
<para>As of July 2003 the OpenBSD firewall software application <para>As of July 2003 the OpenBSD firewall software application
@ -3202,7 +3202,7 @@ pflog_flags="" # additional flags for pflogd startup</programli
</sect3> </sect3>
</sect2> </sect2>
<sect2> <sect2 id="firewalls-ipf">
<title>The IPFILTER (IPF) Firewall</title> <title>The IPFILTER (IPF) Firewall</title>
<para>The author of IPFILTER is Darren Reed. IPFILTER is not <para>The author of IPFILTER is Darren Reed. IPFILTER is not
operating system dependent. IPFILTER is a open source operating system dependent. IPFILTER is a open source
@ -3351,9 +3351,8 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat</programlist
script with symbolic substitution.</para> script with symbolic substitution.</para>
<para>There is a way to build IPF rules that utilities the power of <para>There is a way to build IPF rules that utilities the power of
script symbolic substitution. See the Building Rule Script script symbolic substitution. For more information, see <xref
section.</para> linkend="firewalls-ipfw-rules-script">.</para>
</sect3> </sect3>
<sect3> <sect3>
@ -4610,7 +4609,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
</sect3> </sect3>
</sect2> </sect2>
<sect2> <sect2 id="firewalls-ipfw">
<title>IPFW</title> <title>IPFW</title>
<para>The IPFIREWALL (IPFW) is a &os; sponsored firewall <para>The IPFIREWALL (IPFW) is a &os; sponsored firewall
software application authored and maintained by &os; software application authored and maintained by &os;
@ -4637,7 +4636,7 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
'fwd rule' forward facility, the bridge facility, and the 'fwd rule' forward facility, the bridge facility, and the
ipstealth facility.</para> ipstealth facility.</para>
<sect3> <sect3 id="firewalls-ipfw-enable">
<title>Enabling IPFW</title> <title>Enabling IPFW</title>
<para>IPFW is included in the basic &os; install as a <para>IPFW is included in the basic &os; install as a
separate run time loadable module. IPFW will dynamically load separate run time loadable module. IPFW will dynamically load
@ -4666,7 +4665,7 @@ enabled, default to deny, logging disabled</screen>
<programlisting>net.inet.ip.fw.verbose_limit=5</programlisting> <programlisting>net.inet.ip.fw.verbose_limit=5</programlisting>
</sect3> </sect3>
<sect3> <sect3 id="firewalls-ipfw-kernel">
<title>Kernel Options</title> <title>Kernel Options</title>
<para>It is not a mandatory requirement that you enable IPFW by <para>It is not a mandatory requirement that you enable IPFW by
compiling the following options into the &os; kernel unless compiling the following options into the &os; kernel unless
@ -4718,7 +4717,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
</note> </note>
</sect3> </sect3>
<sect3> <sect3 id="firewalls-ipfw-rc">
<title><filename>/etc/rc.conf</filename> Options</title> <title><filename>/etc/rc.conf</filename> Options</title>
<para>If you do not have IPFW compiled into your kernel you will <para>If you do not have IPFW compiled into your kernel you will
need to load it with the following statement in your need to load it with the following statement in your
@ -4735,7 +4734,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
<programlisting>firewall_logging="YES"</programlisting> <programlisting>firewall_logging="YES"</programlisting>
</sect3> </sect3>
<sect3> <sect3 id="firewalls-ipfw-cmd">
<title>The IPFW Command</title> <title>The IPFW Command</title>
<para>The ipfw command is the normal vehicle for making manual <para>The ipfw command is the normal vehicle for making manual
single rule additions or deletions to the firewall active single rule additions or deletions to the firewall active
@ -4791,7 +4790,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
<programlisting><command>ipfw zero NUM</command></programlisting> <programlisting><command>ipfw zero NUM</command></programlisting>
</sect3> </sect3>
<sect3> <sect3 id="firewalls-ipfw-rules">
<title>IPFW Rule Sets</title> <title>IPFW Rule Sets</title>
<para>A rule set is a group of ipfw rules coded to allow or deny <para>A rule set is a group of ipfw rules coded to allow or deny
packets based on the values contained in the packet. The packets based on the values contained in the packet. The
@ -4835,7 +4834,7 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
careful, you can end up locking your self out.</para> careful, you can end up locking your self out.</para>
</warning> </warning>
<sect4> <sect4 id="firewalls-ipfw-rules-syntax">
<title>Rule Syntax</title> <title>Rule Syntax</title>
<para>The rule syntax presented here has been simplified to <para>The rule syntax presented here has been simplified to
what is necessary to create a standard inclusive type what is necessary to create a standard inclusive type
@ -5078,8 +5077,8 @@ options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
</para> </para>
</sect4> </sect4>
<sect4> <sect4 id="firewalls-ipfw-rules-script">
<title>Building Rule Script</title> <title>Building a Rule Script</title>
<para>Most experienced IPFW users create a file containing the <para>Most experienced IPFW users create a file containing the
rules and code them in a manner compatible with running them rules and code them in a manner compatible with running them
as a script. The major benefit of doing this is the firewall as a script. The major benefit of doing this is the firewall