Remove EOL whitespace.
Translators: this is a whitespace only commit.
This commit is contained in:
Giorgos Keramidas
parent
413e667369
commit
b3347b0fdf
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=11356
1 changed files with 18 additions and 18 deletions
|
|
@ -34,19 +34,19 @@
|
|||
|
||||
<sect1 id="preface">
|
||||
<title>Preface</title>
|
||||
|
||||
|
||||
<para>Dialup Firewalling with FreeBSD</para>
|
||||
|
||||
<para>This document covers the process that is required to setup
|
||||
firewalling with FreeBSD when an IP address is assigned dynamically
|
||||
firewalling with FreeBSD when an IP address is assigned dynamically
|
||||
by your ISP. While every effort has been made to make this document
|
||||
as informative and correct as possible, you are welcome to mail your
|
||||
comments/suggestions to the <email>marcs@draenor.org</email>.</para>
|
||||
comments/suggestions to the <email>marcs@draenor.org</email>.</para>
|
||||
</sect1>
|
||||
|
||||
<sect1 id="kernel">
|
||||
<title>Kernel Options</title>
|
||||
|
||||
|
||||
<para>The first thing you will need to do is recompile your kernel.
|
||||
If you need more information on how to recompile the kernel,
|
||||
then the best place to start is the <ulink
|
||||
|
|
@ -113,7 +113,7 @@
|
|||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>Do not reboot once you have recompiled the kernel. Hopefully,
|
||||
<para>Do not reboot once you have recompiled the kernel. Hopefully,
|
||||
we will only need to reboot once to complete the installation of the
|
||||
firewall.</para>
|
||||
</sect1>
|
||||
|
|
@ -121,27 +121,27 @@
|
|||
<sect1 id="rcconf">
|
||||
<title>Changing <filename>/etc/rc.conf</filename> to load the
|
||||
firewall</title>
|
||||
|
||||
|
||||
<para>We now need to make some changes to
|
||||
<filename>/etc/rc.conf</filename> in order to tell it about the
|
||||
firewall. Simply add the following lines:</para>
|
||||
|
||||
|
||||
<programlisting>firewall_enable="YES"
|
||||
firewall_script="/etc/firewall/fwrules"
|
||||
natd_enable="YES"
|
||||
natd_interface="tun0"
|
||||
natd_flags="-dynamic"</programlisting>
|
||||
|
||||
<para>For more information on the functions of these statements take
|
||||
<para>For more information on the functions of these statements take
|
||||
a look at <filename>/etc/defaults/rc.conf</filename> and read
|
||||
&man.rc.conf.5;</para>
|
||||
</sect1>
|
||||
|
||||
|
||||
<sect1>
|
||||
<title>Disable PPP's network address translation</title>
|
||||
|
||||
|
||||
<para>You may already be using PPP's built in network address
|
||||
translation (NAT). If that is the case then you will have to disable
|
||||
translation (NAT). If that is the case then you will have to disable
|
||||
it, as these examples use &man.natd.8; to do the same.</para>
|
||||
|
||||
<para>If you already have a block of entries to
|
||||
|
|
@ -152,7 +152,7 @@ ppp_mode="auto"
|
|||
ppp_nat="YES"
|
||||
ppp_profile="<replaceable>profile</replaceable>"</programlisting>
|
||||
|
||||
<para>If so, remove the <literal>ppp_nat="YES"</literal> line. You will
|
||||
<para>If so, remove the <literal>ppp_nat="YES"</literal> line. You will
|
||||
also need to remove any <literal>nat enable yes</literal> or
|
||||
<literal>alias enable yes</literal> in
|
||||
<filename>/etc/ppp/ppp.conf</filename>.</para>
|
||||
|
|
@ -160,7 +160,7 @@ ppp_profile="<replaceable>profile</replaceable>"</programlisting>
|
|||
|
||||
<sect1 id="rules">
|
||||
<title>The ruleset for the firewall</title>
|
||||
|
||||
|
||||
<para>We are nearly done now. All that remains now is to define
|
||||
the firewall rules and then we can reboot and the firewall
|
||||
should be up and running. I realize that everyone will want
|
||||
|
|
@ -188,7 +188,7 @@ ppp_profile="<replaceable>profile</replaceable>"</programlisting>
|
|||
<programlisting># Firewall rules
|
||||
# Written by Marc Silver (marcs@draenor.org)
|
||||
# http://draenor.org/ipfw
|
||||
# Freely distributable
|
||||
# Freely distributable
|
||||
|
||||
|
||||
# Define the firewall command (as in /etc/rc.firewall) for easy
|
||||
|
|
@ -236,15 +236,15 @@ $fwcmd add 65435 deny log ip from any to any</programlisting>
|
|||
|
||||
<para>You now have a fully functional firewall that will allow on
|
||||
connections to ports 80 and 22 and will log any other connection
|
||||
attempts. Now, you should be able to safely reboot and your firewall
|
||||
should come up fine. If you find this incorrect in anyway or experience
|
||||
any problems, or have any suggestions to improve this page, please
|
||||
attempts. Now, you should be able to safely reboot and your firewall
|
||||
should come up fine. If you find this incorrect in anyway or experience
|
||||
any problems, or have any suggestions to improve this page, please
|
||||
email me.</para>
|
||||
</sect1>
|
||||
|
||||
<sect1>
|
||||
<title>Questions</title>
|
||||
|
||||
|
||||
<qandaset>
|
||||
<qandaentry>
|
||||
<question>
|
||||
|
|
|
|||
Loading…
Reference in a new issue