author Dima Dorfman <dd@FreeBSD.org> 2001-08-30 11:03:57 +0000
committer Dima Dorfman <dd@FreeBSD.org> 2001-08-30 11:03:57 +0000
commit 551a4293e5d7a7e822078442642c7eb94dd46397 (patch)
tree e598802beb114a03bcd77e3490b59d450f390e76
parent 13cb1102a8f890bd6314a133f82bba5f39e9fb50 (diff)
Assorted mechanical fixes.
PR: 29841
Submitted by: root@www-1.wr.usgs.gov
Notes: svn path=/head/; revision=10498
-rw-r--r-- en_US.ISO8859-1/articles/dialup-firewall/article.sgml 72
1 files changed, 36 insertions, 36 deletions
diff --git a/en_US.ISO8859-1/articles/dialup-firewall/article.sgml b/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
index 436bb28e1c..5b7145b071 100644
--- a/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
+++ b/en_US.ISO8859-1/articles/dialup-firewall/article.sgml
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml,v 1.10 2001/07/06 13:02:48 dd Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml,v 1.11 2001/07/20 07:42:09 dd Exp $
-->
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
@@ -24,7 +24,7 @@
</author>
</authorgroup>
- <pubdate>$Date: 2001-07-20 07:42:09 $</pubdate>
+ <pubdate>$Date: 2001-08-30 11:03:57 $</pubdate>
<abstract>
<para>This article documents how to setup a firewall using a PPP
@@ -38,24 +38,23 @@
<title>Preface</title>
<para>Dialup Firewalling with FreeBSD</para>
-
- <para>This document aims to cover the process that is required in
- order to setup firewalling with FreeBSD when are dynamically
- assigned an IP address by your ISP. While every effort has been
- made to make this document as informative and correct as possible,
- you are welcome to mail your comments/suggestions to the
- <email>marcs@draenor.org</email>.</para>
+
+ <para>This document covers the process that is required to setup
+ firewalling with FreeBSD when an IP address is assigned dynamically
+ by your ISP. While every effort has been made to make this document
+ as informative and correct as possible, you are welcome to mail your
+ comments/suggestions to the <email>marcs@draenor.org</email>.</para>
</sect1>
<sect1 id="kernel">
<title>Kernel Options</title>
- <para>The first thing you'll need to do is recompile your kernel in
- FreeBSD. If you need more information on how to recompile the kernel,
+ <para>The first thing you'll need to do is recompile your kernel
+ If you need more information on how to recompile the kernel,
then the best place to start is the <ulink
URL="http://www.freebsd.org/handbook/kernelconfig.html">kernel
- configuration section in the Handbook</ulink>. You need to compile the
- following options into the kernel: </para>
+ configuration section in the Handbook</ulink>. You need to add the
+ following options into your kernel configuration file:</para>
<variablelist>
<varlistentry>
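Review bot: The rewritten opening of the Kernel Options paragraph loses its sentence-ending period: the new text runs "recompile your kernel If you need more information", because the removed words "in FreeBSD." carried the full stop. Add a period after "kernel". In the same hunk the new Preface paragraph still uses "setup" as a verb ("required to setup firewalling") and keeps the stray article in "to the" before the e-mail address; "set up" and dropping "the" belong in a mechanical-fixes pass, and "add the following options into your kernel configuration file" reads better with "to".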
@@ -80,7 +79,8 @@
<listitem>
<para>Limits the number of times a matching entry is logged. This
- stops your log files filling up with lots of repetitive entries.
+ prevents your log file from filling up with lots of repetitive
+ entries.
<replaceable>100</replaceable> is a reasonable number to use, but
you can adjust it based on your requirements.</para>
</listitem>
@@ -96,7 +96,7 @@
</varlistentry>
</variablelist>
- <para>There are also some other OPTIONAL items that you can compile
+ <para>There are some other OPTIONAL items that you can compile
into the kernel for some added security. These are not required in
order to get firewalling to work, but some more paranoid users may
want to use them.</para>
@@ -115,8 +115,8 @@
</varlistentry>
</variablelist>
- <para>Don't reboot once you have recompiled the kernel. Hopefully, we will
- need to reboot just once in order to complete the installing of the
+ <para>Don't reboot once you have recompiled the kernel. Hopefully,
+ we will only need to reboot once to complete the installation of the
firewall.</para>
</sect1>
@@ -126,7 +126,7 @@
<para>We now need to make some changes to
<filename>/etc/rc.conf</filename> in order to tell it about the
- firewall. Simply add the following lines:</para>
+ firewall. Simply add the following lines:</para>
<programlisting>firewall_enable="YES"
firewall_script="/etc/firewall/fwrules"
@@ -134,8 +134,8 @@ natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"</programlisting>
- <para>For more information on what the above do take a look at
- <filename>/etc/defaults/rc.conf</filename> and read
+ <para>For more information on the functions of these statements take
+ a look at <filename>/etc/defaults/rc.conf</filename> and read
&man.rc.conf.5;</para>
</sect1>
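Review bot: The reworded paragraph after the rc.conf listing still ends without a full stop, at "&man.rc.conf.5;</para>", and the longer introductory phrase now needs a comma after "statements". Suggest "For more information on the functions of these statements, take a look at ... and read &man.rc.conf.5;." so the sentence is closed like the others touched in this commit.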
@@ -143,11 +143,11 @@ natd_flags="-dynamic"</programlisting>
<title>Disable PPP's network address translation</title>
<para>You may already be using PPP's built in network address
- translation (NAT). If that is the case you will have to disable it,
- as these examples use &man.natd.8; to do the same.</para>
+ translation (NAT). If that is the case then you will have to disable
+ it, as these examples use &man.natd.8; to do the same.</para>
<para>If you already have a block of entries to
- automatically start PPP it probably looks like this:</para>
+ automatically start PPP, it probably looks like this:</para>
<programlisting>ppp_enable="YES"
ppp_mode="auto"
@@ -163,26 +163,26 @@ ppp_profile="<replaceable>profile</replaceable>"</programlisting>
<sect1 id="rules">
<title>The ruleset for the firewall</title>
- <para>We're nearly done now. All that remains now is to define the
+ <para>We're nearly done now. All that remains now is to define the
firewall rules and then we can reboot and the firewall should be up and
- running. I realize that everyone will want something slightly different
- when it comes to their rulebase. What I've tried to do is write a
- rulebase that suits most dialup users. You can obviously modify it to
- your needs by simply using the following rules as the foundation for
+ running. I realize that everyone will want something slightly different
+ when it comes to their rulebase. What I've tried to do is write a
+ rulebase that suits most dialup users. You can obviously modify it to
+ your needs by using the following rules as the foundation for
your own rulebase. First, let's start with the basics of closed
- firewalling. What you want to do is deny everything by default and then
- only open up for the things you really need. Rules should be in the
- order of allow first and then deny. The premise is that you add the
- rules for your allows, and then everything else is denied. :)</para>
+ firewalling. What you want to do is deny everything by default and then
+ only open up for the things you really need. Rules should be in the
+ order of allow first and then deny. The premise is that you add the
+ rules for your allows, and then everything else is denied. :)</para>
<para>Now, let's make the dir /etc/firewall. Change into the directory and
edit the file <filename>fwrules</filename> as we specified in
- <filename>rc.conf</filename>. Please note that you can change this
- filename to be anything you wish. This guide just gives an example of a
+ <filename>rc.conf</filename>. Please note that you can change this
+ filename to anything you wish. This guide just gives an example of a
filename. </para>
- <para>Now, let's look at a sample firewall file, and we'll detail
- everything in it. </para>
+ <para>Now, let's look at a sample firewall file, that is commented
+ nicely.</para>
<programlisting># Firewall rules
# Written by Marc Silver (marcs@draenor.org)
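Review bot: The new sentence introducing the sample ruleset, "a sample firewall file, that is commented nicely", puts a comma before a restrictive "that"; drop the comma or write "a sample firewall file that is nicely commented". The wording it replaces promised that the text would detail everything in the file, so the comments inside the listing now carry that explanation on their own, and it is worth confirming they cover each rule. In the unchanged context just above, "make the dir /etc/firewall" leaves the path outside <filename> markup, unlike the other paths in this paragraph.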