From ac6ca5366c85ebbe599e622ad51d68bcd2df2349 Mon Sep 17 00:00:00 2001 From: Denis Peplin Date: Wed, 15 Dec 2004 15:08:34 +0000 Subject: [PATCH] Add few "option", "command", and "filename" tags Huge amount of tags in this chapter still missed --- .../books/handbook/firewalls/chapter.sgml | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml index 6394192632..7e6ebb3fce 100644 --- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml @@ -437,8 +437,8 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnatipf -Fa -f /etc/ipf.rules - -Fa means flush all internal rules tables. - -f means this is the file to read for the rules to load. + means flush all internal rules tables. + means this is the file to read for the rules to load. This gives you the ability to make changes to their custom rules file, run the above IPF command thus updating the running @@ -491,7 +491,8 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnatTCP cksum fails(in): 0 (out): 0 Packet log flags set: (0) - When supplied with either -i for inbound or -o for outbound, + When supplied with either for inbound + or for outbound, it will retrieve and display the appropriate list of filter rules currently installed and in use by the kernel. @@ -521,8 +522,9 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat - One of the most important functions of the ipfstat command - is the -t flag which activates the display state table in a way + One of the most important functions of the + ipfstat command is the + flag which activates the display state table in a way similar to the way &man.top.1; shows the &os; running process table. When your firewall is under attack this function gives you the ability to identify, drill down to, and see the 
@@ -539,7 +541,7 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat + flag. Daemon mode is for when you want to have a continuous system log file available so you can review logging of past @@ -548,7 +550,7 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnatrc.conf file you see the - ipmon_flags statement uses the "-Ds" flags + ipmon_flags statement uses the flags ipmon_flags="-Ds" # D = start as daemon # s = log to syslog @@ -578,7 +580,7 @@ ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnatSyslogd uses its own special method for segregation of log data. It uses special grouping called facility - and level. IPMON in -Ds mode uses Local0 as the + and level. IPMON in mode uses Local0 as the facility name. All IPMON logged data goes to Local0. The following levels can be used to further segregate the logged data if desired. @@ -624,7 +626,7 @@ LOG_ERR - packets which have been logged and which can be considered short The Format of Logged Messages - Messages generated by ipmon consist of data fields + Messages generated by ipmon consist of data fields separated by white space. Fields common to all messages are: @@ -650,7 +652,7 @@ LOG_ERR - packets which have been logged and which can be considered short - These can be viewed with ipfstat -in. + These can be viewed with ipfstat -in. @@ -749,7 +751,7 @@ EOF That is all there is to it. The rules are not important in this example, how the Symbolic substitution field are populated - and used are. If the above example was in /etc/ipf.rules.script + and used are. If the above example was in /etc/ipf.rules.script file, you could reload these rules by entering this on the command line: 
@@ -1457,7 +1459,7 @@ block in log first quick on dc0 all When changing the NAT rules after NAT has been started, Make your changes to the file containing the nat rules, then run ipnat command with - the -CF flags to delete the internal in use + the flags to delete the internal in use NAT rules and flush the contents of the translation table of all active entries.
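Review bot: in the two added lines of the -437 hunk the flag names have disappeared from the rendered text: `-Fa means flush all internal rules tables.` becomes ` means flush all internal rules tables.` and `-f means this is the file to read...` becomes ` means this is the file to read...`. Check that the new option elements actually enclose the literal flag text (`<option>-Fa</option>`, `<option>-f</option>`) rather than replacing it, since as shown here the sentences have lost their subject; the same check applies to the -491 (`-i`, `-o`), -521 (`-t`), -548 and -578 (`-Ds`) and -1457 (`-CF`) hunks, where the option text likewise no longer appears after the change.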
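Review bot: the -521 hunk reflows the sentence but keeps the awkward phrase `flag which activates the display state table in a way similar to the way &man.top.1; shows the &os; running process table`; since the lines are being rewritten anyway, consider `flag, which displays the state table in a way similar to the way &man.top.1; shows the &os; running process table`.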
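Review bot: the -539 hunk shows only the added line `+ flag.` with no corresponding removed line visible, although the header claims a 7-line range on both sides; confirm the hunk is complete and that the removed text (presumably the bare flag name) is replaced by the tagged form rather than dropped.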
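Review bot: the -749 hunk only tags the filename, but the sentence it sits in has grammar problems worth fixing in the same pass: `how the Symbolic substitution field are populated and used are` should read `how the symbolic substitution fields are populated and used is`, and `If the above example was in /etc/ipf.rules.script file` is missing an article (`in the /etc/ipf.rules.script file`).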
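Review bot: the -1457 hunk leaves `Make your changes` capitalized in the middle of a sentence (`...after NAT has been started, Make your changes...`) and `run ipnat command with the flags` without an article; while these lines are being touched, lowercase `make` and write `run the ipnat command with the -CF flags`, with `-CF` inside the option element so the flag text stays visible.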