diff options
| author | Jordan K. Hubbard <jkh@FreeBSD.org> | 1996-06-19 20:28:30 +0000 |
|---|---|---|
| committer | Jordan K. Hubbard <jkh@FreeBSD.org> | 1996-06-19 20:28:30 +0000 |
| commit | 8f8eb63a5a541d9fe183835eeccd0f9246a8ce8f (patch) | |
| tree | babf3b45278ff730781c4c6d874636e1489ea67d /handbook/firewalls.sgml | |
| parent | 31444442c3a0c70f1c4de4aa0e4f95e5a6b9c31a (diff) | |
| download | doc-8f8eb63a5a541d9fe183835eeccd0f9246a8ce8f.tar.gz doc-8f8eb63a5a541d9fe183835eeccd0f9246a8ce8f.zip | |
Merge from HEAD. This is part of a multi-part commit since the SGML tools
need to be merged as well for this to work, but they're in a different part of
the subtree. I have to merge this because a) our -stable docs are way out of
date and b) I need the "doc" distribution to appear in -stable if I'm to use
a single copy of sysinstall for both. Reviewers of this MOST welcome!
Notes
Notes:
svn path=/branches/RELENG_2_1_0/; revision=372
Diffstat (limited to 'handbook/firewalls.sgml')
| -rw-r--r-- | handbook/firewalls.sgml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/handbook/firewalls.sgml b/handbook/firewalls.sgml index cc39cdebd3..2bbf124233 100644 --- a/handbook/firewalls.sgml +++ b/handbook/firewalls.sgml @@ -1,4 +1,4 @@ -<!-- $Id: firewalls.sgml,v 1.1.2.2 1996-01-31 14:32:19 mpp Exp $ --> +<!-- $Id: firewalls.sgml,v 1.1.2.3 1996-06-19 20:27:44 jkh Exp $ --> <!-- The FreeBSD Documentation Project --> <sect><heading>Firewalls<label id="firewalls"></heading> @@ -47,7 +47,7 @@ impossible to cover them in this document. <sect2><heading>Packet filtering routers<label id="firewalls:packet_filters"></heading> <p>A router is a machine which forwards packets between two or more -networks. A packet filtering router has an extra piece of code in it's +networks. A packet filtering router has an extra piece of code in its kernel, which compares each packet to a list of rules before deciding if it should be forwarded or not. Most modern IP routing software has packet filtering code in it, which defaults to forwarding all @@ -56,7 +56,7 @@ the filtering code, so that it can decide if the packet should be allowed to pass or not. <p>To decide if a packet should be passed on or not, the code looks -through it's set of rules for a rule which matches the contents of +through its set of rules for a rule which matches the contents of this packets headers. Once a match is found, the rule action is obeyed. The rule action could be to drop the packet, to forward the packet, or even to send an ICMP message back to the originator. Only @@ -146,7 +146,7 @@ will happen. <p>The configuration of the <tt>IPFW</tt> software is done through the <tt>ipfw(8)</tt> utility. The syntax for this command looks quite complicated, but it is relatively simple once you understand -it's structure. +its structure. <p>There are currently two different command line formats for the utility, depending on what you are doing. The first form is used when |