Date: Fri, 11 Feb 2005 02:49:55 GMT From: David Adam <zanchey@ucc.gu.uwa.edu.au> To: freebsd-gnats-submit@FreeBSD.org Subject: docs/77370: [patch] Fix errors in IPF section of firewalls chapter Message-ID: <200502110249.j1B2nt1A065444@www.freebsd.org> Resent-Message-ID: <200502110250.j1B2o4Xu002368@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 77370 >Category: docs >Synopsis: [patch] Fix errors in IPF section of firewalls chapter >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Fri Feb 11 02:50:04 GMT 2005 >Closed-Date: >Last-Modified: >Originator: David Adam >Release: FreeBSD 5-STABLE >Organization: University Computer Club, UWA >Environment: Linux mussel 2.4.27-grsec #1 Wed Aug 18 19:57:12 WST 2004 i686 GNU/Linux >Description: Recent commits (http://www.freebsd.org/cgi/cvsweb.cgi/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.diff?r1=1.26&r2=1.27&f=h) to the IPF section of the firewall chapter have introduced several spelling and grammatical errors, as well as (in my opinion) suboptimal SGML use. >How-To-Repeat: http://lists.freebsd.org/pipermail/freebsd-doc/2005-February/007082.html discusses the changes. The included patch fixes several minor grammatical and spelling errors, and also changes several <programlisting> and <command> sections to <screen>, <literal> and <userinput> where required. >Fix: Patch also available at http://zanchey.ucc.asn.au/freebsd/firewalls.chapter.patch --- firewalls.chapter.sgml.orig 2005-02-11 09:45:29.000000000 +0800 +++ firewalls.chapter.sgml 2005-02-11 10:35:31.000000000 +0800 @@ -822,12 +822,11 @@ <para>Symbolic fields do not have the $ prefix.</para> - <para>The value to populate the Symbolic field must be enclosed - with "double quotes".</para> + <para>The value to populate the symbolic field must be enclosed + with double quotes (<literal>"</literal>).</para> <para>Start your rule file with something like this:</para> - <programlisting>############# Start of IPF rules script ######################## oif="dc0" # name of the outbound interface @@ -836,7 +835,7 @@ ks="keep state" fks="flags S keep state" -# You can chose between building /etc/ipf.rules file +# You can choose between building /etc/ipf.rules file # from this script or running this script "as is". # # Uncomment only one line and comment out another. @@ -860,25 +859,24 @@ ################## End of IPF rules script ########################</programlisting> <para>That is all there is to it. The rules are not important in - this example; how the Symbolic substitution field are populated + this example; how the symbolic substitution fields are populated and used are. If the above example was in a file named <filename>/etc/ipf.rules.script</filename>, - you could reload these rules by entering this on the command - line:</para> + you could reload these rules by entering the following command:</para> - <programlisting><command>sh /etc/ipf.rules.script</command> - </programlisting> + <screen>&prompt.root; <userinput>sh /etc/ipf.rules.script</command> + </screen> <para>There is one problem with using a rules file with embedded - symbolics. IPF do not understand symbolic substitution, and - can not read such scripts directly.</para> + symbolics: IPF does not understand symbolic substitution, and + cannot read such scripts directly.</para> <para>This script can be used in one of two ways:</para> <itemizedlist> <listitem> - <para>Uncomment line that begins from <command>cat</command> - and comment out line that begins from - <filename>/sbin/ipf</filename>. Place + <para>Uncomment the line that begins with <literal>cat</literal>, + and comment out the line that begins with + <literal>/sbin/ipf</literal>. Place <literal>ipfilter_enable="YES"</literal> into <filename>/etc/rc.conf</filename> as usual, and run script once after each modification to create or update @@ -903,11 +901,12 @@ <para>The permissions on this script file must be read, write, execute for owner <username>root</username>.</para> - <programlisting><command>chmod 700 /usr/local/etc/rc.d/ipf.loadrules.sh</command></programlisting> + <screen>&prompt.root; <userinput>chown root /usr/local/etc/rc.d/ipf.loadrules.sh</userinput> +&prompt.root; <userinput>chmod 700 /usr/local/etc/rc.d/ipf.loadrules.sh</userinput></screen> </listitem> </itemizedlist> - <para>Now, when your system boots your IPF rules will be + <para>Now, when your system boots, your IPF rules will be loaded.</para> </sect2> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502110249.j1B2nt1A065444>