Wrap lines that were too long.

Only whitespace changes.
This commit is contained in:
Giorgos Keramidas 2001-12-06 21:13:56 +00:00
parent b3347b0fdf
commit f54121bd7f
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=11357

View file

@ -94,10 +94,10 @@
</varlistentry>
</variablelist>
<para>There are some other <emphasis>optional</emphasis> items that you can compile
into the kernel for some added security. These are not required in
order to get firewalling to work, but some more paranoid users may
want to use them.</para>
<para>There are some other <emphasis>optional</emphasis> items that you
can compile into the kernel for some added security. These are not
required in order to get firewalling to work, but some more paranoid
users may want to use them.</para>
<variablelist>
<varlistentry>
@ -107,8 +107,8 @@
<para>This option ignores TCP packets with SYN and FIN. This
prevents tools such as nmap etc from identifying the TCP/IP
stack of the machine, but breaks support for RFC1644
extensions. This is <emphasis>not</emphasis> recommended if the machine will be
running a web server.</para>
extensions. This is <emphasis>not</emphasis> recommended if the
machine will be running a web server.</para>
</listitem>
</varlistentry>
</variablelist>
@ -305,8 +305,8 @@ $fwcmd add 65435 deny log ip from any to any</programlisting>
<emphasis>anything</emphasis> being diverted through the
<devicename>tun0</devicename> device. As far as it is
concerned incoming packets will speak only to the
dynamically assigned IP address and <emphasis>not</emphasis> to the internal
network. Note though that you can add a rule like
dynamically assigned IP address and <emphasis>not</emphasis> to
the internal network. Note though that you can add a rule like
<literal>$fwcmd add deny all from 192.168.0.4:255.255.0.0
to any via tun0</literal> which would limit a host on your
internal network from going out via the firewall.</para>