author Muhammad Moinur Rahman <bofh@FreeBSD.org> 2022-11-06 17:57:00 +0000
committer Muhammad Moinur Rahman <bofh@FreeBSD.org> 2022-11-06 17:57:00 +0000
commit 9c05bcb9608cfb1e77409ea364984a383fd0cd1e (patch)
tree 8f98ab887f4b8ee2a513e374f1bce5cfbad1168b
parent 080ea6ab4480770854cb47dacb3f668a072066da (diff)
handbook: Fix ipfw syntax
In the handbook ipfw mentions about redirect_address which is wrong.
The exact terminology is redirect_addr. For reference please check the
man page:

https://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=8&manpath=FreeBSD+12.3-RELEASE+and+Ports&arch=default&format=html
https://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=8&manpath=FreeBSD+13.1-RELEASE+and+Ports&arch=default&format=html

While I am here fix EOL space

Approved by: carlavilla
Differential Revision: https://reviews.freebsd.org/D37264
-rw-r--r-- documentation/content/en/books/handbook/firewalls/_index.adoc 14
1 files changed, 7 insertions, 7 deletions
diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc
index 6f239ee78b..ba6083f2cf 100644
--- a/documentation/content/en/books/handbook/firewalls/_index.adoc
+++ b/documentation/content/en/books/handbook/firewalls/_index.adoc
@@ -503,7 +503,7 @@ The most common points against using FTP include:
* The protocol demands the use of at least two TCP connections (control and data) on separate ports.
* When a session is established, data is communicated using randomly selected ports.
-All of these points present security challenges, even before considering any potential security weaknesses in client or server software.
+All of these points present security challenges, even before considering any potential security weaknesses in client or server software.
More secure alternatives for file transfer exist, such as man:sftp[1] or man:scp[1], which both feature authentication and data transfer over encrypted connections.
For those situations when FTP is required, PF provides redirection of FTP traffic to a small proxy program called man:ftp-proxy[8], which is included in the base system of FreeBSD.
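Review bot: The removed and added copies of "All of these points present security challenges ..." differ only in trailing whitespace, and this hunk sits in the PF/FTP text rather than in the ipfw section named in the subject line. The commit message does mention the EOL cleanup, but putting it in its own commit would leave the `redirect_addr` fix as a small keyword-only change that is easy to check against the man page.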
@@ -1598,19 +1598,19 @@ Each LAN client can be assigned its own external IP address by man:ipfw[8], whic
This is also known as static NAT.
For example, if IP addresses `128.1.1.1`, `128.1.1.2`, and `128.1.1.3` are available, `128.1.1.1` can be used as the man:ipfw[8] machine's external IP address, while `128.1.1.2` and `128.1.1.3` are forwarded back to LAN clients `A` and `B`.
-The `redirect_address` syntax is as below, where `localIP` is the internal IP address of the LAN client, and `publicIP` the external IP address corresponding to the LAN client.
+The `redirect_addr` syntax is as below, where `localIP` is the internal IP address of the LAN client, and `publicIP` the external IP address corresponding to the LAN client.
[.programlisting]
....
-redirect_address localIP publicIP
+redirect_addr localIP publicIP
....
In the example, the arguments would read:
[.programlisting]
....
-redirect_address 192.168.0.2 128.1.1.2
-redirect_address 192.168.0.3 128.1.1.3
+redirect_addr 192.168.0.2 128.1.1.2
+redirect_addr 192.168.0.3 128.1.1.3
....
Like `redirect_port`, these arguments are placed in a NAT instance configuration.
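Review bot: Please confirm that no other `redirect_address` remains in `_index.adoc` beyond the sentence and the two listings changed here and the single line in the following hunk; a leftover would keep steering readers to a keyword the commit message says is not the one in ipfw(8). As a documentation point, both listings still show the bare keyword, and the trailing context only says the arguments "are placed in a NAT instance configuration", so a one-line example of the full configuration command would show where `redirect_addr 192.168.0.2 128.1.1.2` actually goes.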
@@ -1663,7 +1663,7 @@ Below are two example entries, one per line:
[.programlisting]
....
redirect_port tcp 192.168.0.2:6667 6667
-redirect_address 192.168.0.3 128.1.1.3
+redirect_addr 192.168.0.3 128.1.1.3
....
====
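Review bot: In this listing the `redirect_port tcp 192.168.0.2:6667 6667` entry forwards a single TCP port, while the corrected `redirect_addr 192.168.0.3 128.1.1.3` entry hands a whole public address to the LAN host, and nothing in the visible text points out that difference. Consider a sentence next to the example reminding readers that the host behind `redirect_addr` still needs filter rules limiting which services are reachable on `128.1.1.3`.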
@@ -2686,6 +2686,6 @@ After identifying the address to be unblocked from the list, the following comma
# pfctl -a blacklistd/22 -t port22 -T delete 213.0.123.128/25
....
-The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF.
+The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF.
The entry in blacklistd's database will eventually expire and be removed from its output.
The entry will be added again if the host is matching one of the block rules in blacklistd again.
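Review bot: Since the line "The address is now removed from PF, but will still show up in the blacklistctl list ..." is being touched anyway (whitespace only, as far as this view shows), mark up `blacklistctl` as man:blacklistctl[8] in the same way the file writes man:sftp[1] and man:ipfw[8]. The clause "since it does not know about any changes made in PF" would also read better with an explicit subject, because "it" can be taken as PF or as blacklistctl.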