Commit graph

80 commits

Author SHA1 Message Date
Fukang Chen
d3d9272c52 s/option divert/option IPDIVERT/ to enable support for divert sockets.
Obtained from:          The FreeBSD Simplified Chinese Project
Submitted by:           zheng chengfu (iheaing at gmail.com)
2008-03-01 17:50:03 +00:00
Remko Lodder
ac6bf8b645 s/IPF/PF/ (with acronym tags around it as was the case before modifying
the text).

Noticed by:	danger
2008-01-17 17:50:30 +00:00
Remko Lodder
8733db6ed1 IPF does not have ALTQ support (or at least not that I and several others
could find) so remove it from the information, give an example on how
such a setup can be achieved.

PR:		docs/113464
Submitted by:	Josh Paetzel <josh at tcbug dot org>
Inspired by:	Marc Silver <marcs at draenor dot org> (slightly rewritten
		by me).
2008-01-17 13:38:31 +00:00
Remko Lodder
8480a57a44 s/examble/example/ 2007-12-28 20:17:18 +00:00
Tom Rhodes
89c2fddcd7 Add a space to separate two words. 2007-10-06 00:04:22 +00:00
Remko Lodder
babc93b92a Remove a section about ipfilter FTP Proxy Bugs, which were resolved in
version 3.4.3 released in 2000, a little ago.

PR:		docs/95263
Submitted by:	Joe <fbsd_user at a1poweruser dot com>
2007-07-02 19:46:27 +00:00
Peter Pentchev
ac0dc22ace Fix an address specification in the IPNAT port redirection example.
Left as 0/32, it would only redirect Very Weird Packets(tm), while
as 0.0.0.0/0 it will indeed process all the traffic as intended.

Submitted by:	"Michael P. Soulier" <msoulier@digitaltorque.ca>
2007-04-25 15:01:58 +00:00
Xin LI
af80ec8c86 Remove an unnecessary sentence. 2006-11-17 14:37:11 +00:00
Tom Rhodes
f0a1a631d6 Replace some confusing text about "IPFW being loaded/not being loaded/blah"
with some more relevant and clear text about using rc.conf to load the
firewall.

PR		99336
Discussed with:	keramida (follow up to PR, etc.)
2006-10-10 02:56:06 +00:00
Daniel Gerzo
da68e1b2ca Add some bits about firewall_script and firewall_type rc.conf
variables to ipfw section.

Reviewed by: trhodes
Approved by: keramida (mentor)
PR: docs/93764
2006-08-26 00:13:26 +00:00
Giorgos Keramidas
74dc593238 ipnat doesn't support IP ranges with a.b.c.d-w.x.y.z notation,
but only with /netmask or /cidr notation

PR:		docs/95261
Submitted by:	fbsd_user@a1poweruser.com
2006-08-08 20:22:08 +00:00
Dmitry Morozovsky
1f21c1cd4c Clean a couple of 4.X references. 2006-06-20 10:55:38 +00:00
Tom Rhodes
e665ef072f Document "firewall_type" in this chapter.
PR:	38772
2006-06-07 05:34:30 +00:00
Tom Rhodes
3f0d1b56f0 Do what I swore would be done:
o Remove 4.X information, this includes notes and sections.

o Update documentation to reflect 5.X and 6.X.

o In some areas, try to make the new content version agnostic.

o Skip areas stating "5.[0-5] and later" as it's relevant - we
need a better way to handle these.

For several items, I checked the NOTES files, manual pages,
CVS history, etc.

Discussed on:		-doc
A few ideas from:	remko
2006-05-30 23:08:25 +00:00
Giorgos Keramidas
97253f8b53 Point to the searchable archives of the opensource IPFilter mailing list,
at marc.aimsgroup.com.

PR:		docs/95264
Submitted by:	fbsd_user@a1poweruser.com
2006-05-10 18:44:04 +00:00
Jesus R. Camou
8b6b3736bb Note the use of NOINET6 on the FreeBSD 5.X series.
Submitted by:	Daniel Gerzo <danger at rulez.sk>
Approved by:	trhodes (mentor)
2006-02-07 17:00:51 +00:00
Jesus R. Camou
5ec730e921 s/NOINET6/NO_INET6/
PR:		docs/92816
Submitted by:	Daniel Gerzo <danger@rulez.sk>
Approved by:	trhodes (mentor)
2006-02-06 19:13:19 +00:00
Brad Davis
e4de67ee62 - Restructure part of the PF section.
- Add general info about enabling PF and creating rulesets.

PR:		docs/92113
Submitted by:	Daniel Gerzo <danger at rulez dot sk>
Reviewed by:	simon@ and ceri@
Approved by:	ceri@
2006-01-22 22:20:42 +00:00
Xin LI
e140896ec8 Escape <, >, &'s, plus some cleanups against the SGML. There should not
be any content changes involved in this commit, however, localization
teams are encouraged to catch up with this change.

Requested by:	intron at intron ac
Reviewed by:	Niclas Zeising <lothrandil at n00b apagnu se>
Glanced by:	simon
2006-01-05 20:03:39 +00:00
Marc Fonvieille
d9e3f806ca In IPFW section: point people to network-natd section when it's time to
configure the system via rc.conf.  This avoids repeating things and
allows the reader to complete the natd(8) configuration.

Based on PR:		docs/81199
Submitted by:		Rong-En Fan <rafan@infor.org>
2005-05-19 09:13:32 +00:00
Marc Fonvieille
b0f21913af Typo
PR:		docs/81242
Submitted by:	David Adam <zanchey@ucc.gu.uwa.edu.au>
2005-05-19 08:42:49 +00:00
Remko Lodder
ee8497f48c Add forgotten spaces and add 2 non breaking spaces for &os; 5.X and 4.X.
Noticed by:		blackend
Forgotten by:		remko (me)
2005-05-08 14:15:43 +00:00
Remko Lodder
280011b864 Update the IPMON section by making it suitable for 5.X (and reference
4.X for people still using 4.X).

PR:			docs/79543
Submitted by:		<fbsd_user at a1poweruser dot com>
2005-05-08 12:45:29 +00:00
Remko Lodder
76a6af4884 Let portredirection be rdr instead of map (which is NAT).
Noticed by:		Andrius Paurys <shaman at shaman dot velniai dot net>
2005-05-01 20:44:49 +00:00
Simon L. B. Nielsen
bac2a185c2 - Reword some text.
- Use firewall package instead of firewall software application.
- Do not say non-stateful firewalls are "legacy" since they still
  make sense in some cases.
- Move paragraph about /etc/rc.firewall to the ipfw section and don't
  say it's outdated, just simple. [1]

Inspired by:	den [1]
2005-03-31 21:11:56 +00:00
Simon L. B. Nielsen
9dfb6473b5 Add a note about the IPF and IPFW sections being work-in-progress. This
is far from a good situation, but it's better to be up front about it.

Discussed with:	den, remko
2005-03-31 19:38:18 +00:00
Max Laier
9e9bc62ee3 Add notes about required kernel options for PF as a module and explain how
to build an IPv6-less setup.

Approved by:	simon
Inspired by PR:	kern/70401
2005-03-16 12:57:30 +00:00
Denis Peplin
d4eaf157ee Note: ... -> <note> ... </note>, and align according to this change
No other content changes
2005-03-09 11:43:14 +00:00
Denis Peplin
60329bff15 Small whitespace fix (for lines missed in previous fix)
Translators can ignore
2005-03-09 11:32:15 +00:00
Xin LI
930f075192 When talking about avoiding information disclosure, we generally
say we will be able to delay the actual break-in, since crackers
can still manage to get into the system if there is a hole.  So,
prefer saying "we can delay the actual attack" rather than "the
system is more secure".

Reviewed by:	trhodes
2005-03-08 08:15:50 +00:00
Simon L. B. Nielsen
72a75ac933 Improve some mark-up and wording a bit. 2005-03-05 00:30:36 +00:00
Simon L. B. Nielsen
88e11abb3d - Whitespace cleanup which changes rendered output. Should not be
ignored by translators.
- Fix some English grammar.
- Add missing punctuation.

Submitted by:	Siebrand Mazeland <s.mazeland@xs4all.nl>
2005-03-04 23:21:07 +00:00
Simon L. B. Nielsen
5daadaaa0e Whitespace cleanup. No content change - translators can ignore.
Submitted by:	Siebrand Mazeland <s.mazeland@xs4all.nl>
No objections:	-doc
2005-03-04 23:11:23 +00:00
Denis Peplin
8a02bc7059 Add warning to describe relation between rc.conf firewall_logging variable and
sysctl net.ip.fw.verbose variable; suggest to set net.inet.ip.fw.verbose_limit
variable via sysctl.conf (it is impossible to set it via rc.conf variables).

Discussed with (and my English fixed by):	trhodes
2005-03-04 08:04:06 +00:00
Simon L. B. Nielsen
70c3e505a0 Add information on setting up ALTQ.
PR:		docs/78096
Submitted by:	Brad Davis <so14k@so14k.com>
Input from:	mlaier, trhodes
2005-03-01 21:45:02 +00:00
Simon L. B. Nielsen
e76a5c0df4 Lan -> LAN in the firewall section.
PR:		docs/78120
Submitted by:	Brad Davis <so14k@so14k.com>
2005-02-26 16:04:36 +00:00
Denis Peplin
f289e524dc Note that the search continues after count, skipto and tee rules. 2005-02-25 12:12:20 +00:00
Denis Peplin
cb0cdc678c s/RULE#/RULE_NUMBER/ to not mix with comments that were noted above 2005-02-25 11:43:46 +00:00
Denis Peplin
5efe9d3163 Mark a few annoying things in addition to marked ones 2005-02-25 11:39:12 +00:00
Denis Peplin
1a5ab23a37 Obtain yet another text from old security chapter (rev. 1.229)
to replace IPFIREWALL_VERBOSE_LIMIT description.

Improved by:	trhodes
2005-02-25 09:07:37 +00:00
Denis Peplin
a4ef4737ba "only way -> one of the ways" for testing rules via counters 2005-02-25 07:59:32 +00:00
Denis Peplin
8d8b75c568 Fix instructions related to IPFW logging. 2005-02-25 07:43:07 +00:00
Simon L. B. Nielsen
a01576d36a Remove more contractions.
PR:		docs/77775
Submitted by:	Siebrand Mazeland <s.mazeland@xs4all.nl>
2005-02-20 14:11:46 +00:00
Simon L. B. Nielsen
dc9009c533 Remove more contractions.
Submitted by:	Joel Dahl <joel@automatvapen.se>
2005-02-20 14:04:14 +00:00
Simon L. B. Nielsen
5c16ea2707 Remove some contractions.
Submitted by:	Joel Dahl <joel@automatvapen.se>
PR:		docs/77729
2005-02-19 14:03:54 +00:00
Denis Peplin
b0883cea4b Add id to "Building the Rule Script with Symbolic Substitution" section
and fix xref to this section.
2005-02-18 12:08:24 +00:00
Denis Peplin
20496a58ed Rewrite warning about remote firewall setup.
New version mostly obtained from old security
chapter (rev. 1.229).

With fixes from:	simon, roam
2005-02-18 11:37:11 +00:00
Denis Peplin
48da93688b note -> warning, remove "should use" comment 2005-02-15 15:09:42 +00:00
Denis Peplin
3a9eb81f2b Change title for "Building the Rule Script" section to
"Building the Rule Script with Symbolic Substitution"

Reviewed by:	remko
2005-02-14 14:25:44 +00:00
Simon L. B. Nielsen
8ddd739127 Be consistent and change '[P|p]orts collection' -> 'Ports Collection'
as per the FDP Primer word list.

Submitted by:	Siebrand Mazeland <s.mazeland@xs4all.nl>
PR:		docs/76324
2005-02-13 10:24:10 +00:00