<!-- The FreeBSD Greek Documentation Project %SOURCE% en_US.ISO8859-1/articles/dialup-firewall/article.sgml %SRCID% 1.43 -->
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
<!ENTITY % articles.ent PUBLIC "-//FreeBSD//ENTITIES DocBook FreeBSD Articles Entity Set//EL">
%articles.ent;
]>
<article lang="el">
  <articleinfo>
    <title>Dial-up Firewalling with FreeBSD</title>
    <authorgroup>
      <author>
        <firstname>Marc</firstname>
        <surname>Silver</surname>
        <affiliation>
          <address><email>marcs@draenor.org</email></address>
        </affiliation>
      </author>
    </authorgroup>
    <pubdate>$FreeBSD$</pubdate>
    <legalnotice id="trademarks" role="trademarks">
      &tm-attrib.freebsd;
      &tm-attrib.general;
    </legalnotice>
    <abstract>
      <para>This article describes how to set up a firewall using a PPP dial-up connection on FreeBSD with IPFW. More specifically, it describes setting up a firewall on a dial-up connection that has a dynamic IP address. This document does not cover how to set up your initial PPP connection. For more information about configuring a PPP connection, see the &man.ppp.8; manual page.</para>
    </abstract>
  </articleinfo>
  <sect1 id="preface">
    <title>Preface</title>
    <para>This document describes the process needed to set up a firewall on FreeBSD when the IP address is assigned dynamically by your ISP. Although I have tried to make this document as complete and correct as possible, you are welcome to send corrections, comments or suggestions to the author's address: <email>marcs@draenor.org</email>.</para>
  </sect1>
  <sect1 id="kernel">
    <title>Kernel options</title>
    <para>To be able to use IPFW, you must compile the relevant support into your kernel.
For more information about compiling the kernel, see the <ulink url="&url.books.handbook;/kernelconfig.html">kernel configuration section of the Handbook</ulink>. You should add the following options to your kernel configuration to enable IPFW support:</para>
    <variablelist>
      <varlistentry>
        <term><literal>options IPFIREWALL</literal></term>
        <listitem>
          <para>Enables the kernel firewall code.</para>
          <note>
            <para>This document assumes that you are running FreeBSD 5.X or later. If you are using 4.X, you should enable the <emphasis>IPFW2</emphasis> option and read the &man.ipfw.8; manual page for more information about the IPFW2 option. Pay particular attention to the section <emphasis>USING IPFW2 IN FreeBSD-STABLE</emphasis>.</para>
          </note>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><literal>options IPFIREWALL_VERBOSE</literal></term>
        <listitem>
          <para>Sends messages about matching packets to the system log.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><literal>options IPFIREWALL_VERBOSE_LIMIT=<replaceable>500</replaceable></literal></term>
        <listitem>
          <para>Limits the number of times a given entry will be logged. This lets you log firewall messages without the risk of filling up your system logs if you come under attack.
A limit of <replaceable>500</replaceable> messages is a fairly reasonable value, but you can adjust it according to the requirements of your own network.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><literal>options IPDIVERT</literal></term>
        <listitem>
          <para>Enables <emphasis>divert</emphasis> sockets, which we will look at later.</para>
        </listitem>
      </varlistentry>
    </variablelist>
    <warning>
      <para>Once you have finished configuring and compiling your kernel, <emphasis>do not reboot!</emphasis> If you reboot at this point you may lock yourself out of your system. You must wait until the firewall rules are installed and all the relevant configuration files have been updated.</para>
    </warning>
  </sect1>
  <sect1 id="rcconf">
    <title>Changes to <filename>/etc/rc.conf</filename> to load the firewall</title>
    <para>To have the firewall enabled at system startup and to specify the file holding the firewall rules, you need to update <filename>/etc/rc.conf</filename>. Simply add the following lines:</para>
    <programlisting>firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"</programlisting>
    <para>For more information about the meaning of each of these lines, take a look at <filename>/etc/defaults/rc.conf</filename> and read the &man.rc.conf.5; manual page.</para>
  </sect1>
  <sect1>
    <title>Enable PPP's Built-in Network Address Translation</title>
    <para>To allow other machines on your network to connect to the outside world through FreeBSD, using it as a <quote>gateway</quote>, you will need to enable PPP's built-in network address translation (NAT).
To do this, add the following lines to <filename>/etc/rc.conf</filename>:</para>
    <programlisting>ppp_enable="YES"
ppp_mode="auto"
ppp_nat="YES"
ppp_profile="<replaceable>connection_profile</replaceable>"</programlisting>
    <para>In place of <literal>connection_profile</literal> you must put the name of your connection, as you have saved it in <filename>/etc/ppp/ppp.conf</filename>.</para>
  </sect1>
  <sect1 id="rules">
    <title>The firewall rules</title>
    <para>All that remains now is to define the firewall rules. The rules we describe here are good enough for most dial-up users, but they are neither mandatory nor can they suit the needs of every dial-up user. They can, however, serve as a good example of IPFW configuration and are fairly easy to adapt to your own needs.</para>
    <para>Let us start, though, with the basic principles of a closed firewall. A closed firewall denies every connection by default. The administrator can then add rules to allow only specific connections through the firewall. The most common ordering of rules in a closed firewall is: first the rules that allow certain connections, and last the rules that deny any other connection. The reasoning behind this is that you first put in the rules that allow things through, and everything else is then denied automatically.</para>
    <para>So, create a directory in which the firewall rules will be stored. In this article we use the directory <filename class="directory">/etc/firewall</filename> as an example. Change into it and create the file <filename>fwrules</filename>, whose name we wrote in <filename>rc.conf</filename>. Note that you can change the name of this file to whatever you like.
This guide gives this name as an example only.</para>
    <para>Let us now look at an example firewall with fairly explanatory comments.</para>
    <programlisting># Define the firewall command (as in /etc/rc.firewall) for easy
# reference.  Helps to make it easier to read.
fwcmd="/sbin/ipfw"

# Define our outside interface.  With userland-ppp this
# defaults to tun0.
oif="tun0"

# Define our inside interface.  This is usually your network
# card.  Be sure to change this to match your own network
# interface.
iif="fxp0"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

# Divert all packets through the tunnel interface.
# Uses $oif so the outside interface only has to be changed in one place.
$fwcmd add divert natd all from any to any via $oif

# Check the state of all packets.
$fwcmd add check-state

# Stop spoofing on the outside interface.
$fwcmd add deny ip from any to any in via $oif not verrevpath

# Allow all connections that we initiate, and keep their state,
# but deny established connections that don't have a dynamic rule.
$fwcmd add allow ip from me to any out via $oif keep-state
$fwcmd add deny tcp from any to any established in via $oif

# Allow all connections within our network.
$fwcmd add allow ip from any to any via $iif

# Allow all local traffic.
$fwcmd add allow all from any to any via lo0
$fwcmd add deny all from any to 127.0.0.0/8
$fwcmd add deny ip from 127.0.0.0/8 to any

# Allow internet users to connect to the port 22 and 80.
# This example specifically allows connections to the sshd and a
# webserver.
$fwcmd add allow tcp from any to me dst-port 22,80 in via $oif setup keep-state

# Allow ICMP packets: remove type 8 if you don't want your host
# to be pingable.
$fwcmd add allow icmp from any to any via $oif icmptypes 0,3,8,11,12

# Deny and log all the rest.
$fwcmd add deny log ip from any to any</programlisting>
    <para>You now have a complete firewall, which allows connections to ports 22 and 80 and logs every other connection it denies to the system log.
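To see why the rule order above matters, here is an added example (not part of the original article and not ipfw's own code) that models the first-match, keep-state behaviour of that rule set in Python. The host address, interfaces, ports and packets are constructed assumptions; <literal>verrevpath</literal> is simplified to "inbound on the outside interface claiming our own address", and the 127.0.0.0/8 rules are left out.

```python
# Added example, not from the FreeBSD article or ipfw itself: a toy first-match
# evaluator mirroring the order of the fwrules script above. Addresses, ports
# and packets are constructed; "verrevpath" is simplified (see lead-in).
ME = "10.0.0.1"            # assumed address the ISP handed to the dial-up host
OIF, IIF = "tun0", "fxp0"  # outside and inside interfaces, as in the script
OPEN_PORTS = {22, 80}      # sshd and the web server, as in the script
ICMP_TYPES = {0, 3, 8, 11, 12}

def _key(p, rev=False):
    # 5-tuple of a packet, or of its reverse flow when rev is True
    a, b = (p["src"], p["sport"]), (p["dst"], p["dport"])
    return (p["proto"],) + (b + a if rev else a + b)

def evaluate(fw, p):
    """Return 'allow' or 'deny' for packet p; fw['dyn'] holds dynamic rules."""
    if _key(p) in fw["dyn"] or _key(p, rev=True) in fw["dyn"]:  # check-state
        return "allow"
    if p["dir"] == "in" and p["via"] == OIF and p["src"] == ME:    # anti-spoof
        return "deny"
    if p["src"] == ME and p["dir"] == "out" and p["via"] == OIF:   # keep-state
        fw["dyn"].add(_key(p))
        return "allow"
    if p["proto"] == "tcp" and p["dir"] == "in" and p["via"] == OIF and p.get("ack"):
        return "deny"                  # established, but no dynamic rule for it
    if p["via"] in (IIF, "lo0"):       # trusted inside network and loopback
        return "allow"
    if (p["proto"] == "tcp" and p["dst"] == ME and p["dport"] in OPEN_PORTS
            and p["dir"] == "in" and p["via"] == OIF and p.get("syn")):
        fw["dyn"].add(_key(p))         # "setup keep-state" for sshd / httpd
        return "allow"
    if p["proto"] == "icmp" and p["via"] == OIF and p.get("icmptype") in ICMP_TYPES:
        return "allow"
    return "deny"                      # final "deny log ip from any to any"

def pkt(proto, src, sport, dst, dport, direction, via, **flags):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport,
                dir=direction, via=via, **flags)

def demo():
    """Constructed packets in the order they arrive; returns the verdicts."""
    fw = {"dyn": set()}
    return [
        evaluate(fw, pkt("tcp", "203.0.113.5", 443, ME, 40000, "in", OIF, ack=True)),
        evaluate(fw, pkt("tcp", ME, 40000, "203.0.113.5", 443, "out", OIF, syn=True)),
        evaluate(fw, pkt("tcp", "203.0.113.5", 443, ME, 40000, "in", OIF, ack=True)),
        evaluate(fw, pkt("tcp", "198.51.100.9", 5555, ME, 23, "in", OIF, syn=True)),
        evaluate(fw, pkt("tcp", "198.51.100.9", 5556, ME, 22, "in", OIF, syn=True)),
        evaluate(fw, pkt("tcp", ME, 9999, ME, 22, "in", OIF, syn=True)),
    ]
```

The same reply segment is denied before the outbound connection exists and allowed afterwards, which is exactly what the <literal>check-state</literal> / <literal>keep-state</literal> pair buys over a static port list.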
You are now ready to reboot. The firewall will be enabled automatically and will load the rules you added. If this does not happen, if you have any problems, or if you have suggestions for improving this article, contact me by email.</para>
  </sect1>
  <sect1>
    <title>Questions</title>
    <qandaset>
      <qandaentry>
        <question>
          <para>I see messages like <errorname>limit 500 reached on entry 2800</errorname> and after that my system stops logging the packets blocked by the firewall. Is my firewall still working?</para>
        </question>
        <answer>
          <para>This simply means that the maximum logging limit for that rule has been reached. The rule itself continues to work, but it will no longer send messages to the system log until you reset the counters again. You can reset the counters with the command</para>
          <screen>&prompt.root; <userinput>ipfw resetlog</userinput></screen>
          <para>Alternatively, you can raise the logging limit in your kernel configuration with the <option>IPFIREWALL_VERBOSE_LIMIT</option> option as described above. You can also change this limit (without recompiling your kernel and rebooting) using the &man.sysctl.8; value net.inet.ip.fw.verbose_limit.</para>
        </answer>
      </qandaentry>
      <qandaentry>
        <question>
          <para>Something must have gone wrong. I followed the instructions to the letter and now I am locked out.</para>
        </question>
        <answer>
          <para>This guide assumes that you are using <emphasis>userland-ppp</emphasis>, which is why the rules given use the <devicename>tun0</devicename> interface, which corresponds to the first connection made with &man.ppp.8; (otherwise known as <emphasis>user-ppp</emphasis>).
The next connection would use <devicename>tun1</devicename>, then <devicename>tun2</devicename>, and so on.</para>
          <para>You should also remember that &man.pppd.8; uses the <devicename>ppp0</devicename> interface, so if you start your connection with &man.pppd.8; you will need to replace <devicename>tun0</devicename> with <devicename>ppp0</devicename>. Below we show an easy way to change the firewall rules accordingly. The original rules are saved in a file named <filename>fwrules_tun0</filename>.</para>
          <screen>&prompt.user; <userinput>cd /etc/firewall</userinput>
/etc/firewall&prompt.user; <userinput>su</userinput>
<prompt>Password:</prompt>
/etc/firewall&prompt.root; <userinput>mv fwrules fwrules_tun0</userinput>
/etc/firewall&prompt.root; <userinput>sed s/tun0/ppp0/g fwrules_tun0 > fwrules</userinput></screen>
          <para>To find out whether you are using &man.ppp.8; or &man.pppd.8; you can examine the output of &man.ifconfig.8; once your connection is up.
For example, for a connection brought up by &man.pppd.8; you will see something like this (only the relevant lines are shown):</para>
          <screen>&prompt.user; <userinput>ifconfig</userinput>
<emphasis>(skipped...)</emphasis>
ppp0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
        inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xff000000</replaceable>
<emphasis>(skipped...)</emphasis></screen>
          <para>On the other hand, for a connection brought up with &man.ppp.8; (<emphasis>user-ppp</emphasis>) you should see something similar to the following:</para>
          <screen>&prompt.user; <userinput>ifconfig</userinput>
<emphasis>(skipped...)</emphasis>
ppp0: flags=<replaceable>8010&lt;POINTOPOINT,MULTICAST&gt; mtu 1500</replaceable>
<emphasis>(skipped...)</emphasis>
tun0: flags=<replaceable>8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1524</replaceable>
        <emphasis>(IPv6 stuff skipped...)</emphasis>
        inet <replaceable>xxx.xxx.xxx.xxx</replaceable> --&gt; <replaceable>xxx.xxx.xxx.xxx</replaceable> netmask <replaceable>0xffffff00</replaceable>
        Opened by PID <replaceable>xxxxx</replaceable>
<emphasis>(skipped...)</emphasis></screen>
        </answer>
      </qandaentry>
    </qandaset>
  </sect1>
</article>

<!--
     Local Variables:
     mode: sgml
     coding: iso-8859-7
     sgml-indent-data: t
     sgml-omittag: nil
     sgml-always-quote-attributes: t
     End:
-->