From owner-freebsd-doc@FreeBSD.ORG  Fri Apr 24 08:17:14 2009
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 08C03106566C;
	Fri, 24 Apr 2009 08:17:14 +0000 (UTC)
	(envelope-from sonic2000gr@gmail.com)
Received: from mail-ew0-f171.google.com (mail-ew0-f171.google.com
	[209.85.219.171])
	by mx1.freebsd.org (Postfix) with ESMTP id B2E2D8FC1A;
	Fri, 24 Apr 2009 08:17:12 +0000 (UTC)
	(envelope-from sonic2000gr@gmail.com)
Received: by ewy19 with SMTP id 19so873526ewy.43
	for <multiple recipients>; Fri, 24 Apr 2009 01:17:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from
	:user-agent:mime-version:to:cc:subject:references:in-reply-to
	:content-type:content-transfer-encoding;
	bh=m2mhH+LPOmYapJ+iUsLTXp3uotoNeFwq/THyejmD+3o=;
	b=vMvBEsTa9wGucC6zmDxPlYTsfJMwZ+lcUW7dvQC/AOj01CqmEQ8BwY8H3Zfw5AiJys
	1str33HRf4Zy6miE1qwRwZWHgMdw0imeL0XNEyq0b2npnG3yhkqhxkq7qXEctdigvOlL
	wyxk0Cg+p2VUbBDhdptWIUXqSpxRPvcSOoCis=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	b=tVMjJRdmHL7NGAEFx+0P+PVax+jfBjI+NQgOvCfb7wgkdxbyO9K00eib65t5SViWgy
	vloIVwtx/lvhkK/ku/r53N0Zq4RVBahtDzSIkL2jmdY3C1VgYMAgI7BCntJSwEJ/lPsC
	R+vMrpnuTw4SIXtPIBSbPr4so5KHUVPoSGptg=
Received: by 10.210.43.10 with SMTP id q10mr949219ebq.72.1240561031402;
	Fri, 24 Apr 2009 01:17:11 -0700 (PDT)
Received: from atlantis.dyndns.org (ppp-94-69-70-7.home.otenet.gr [94.69.70.7])
	by mx.google.com with ESMTPS id 10sm1308994eyd.32.2009.04.24.01.17.09
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Fri, 24 Apr 2009 01:17:10 -0700 (PDT)
Message-ID: <49F17583.4070200@gmail.com>
Date: Fri, 24 Apr 2009 11:17:07 +0300
From: Manolis Kiagias <sonic2000gr@gmail.com>
User-Agent: Thunderbird 2.0.0.21 (X11/20090414)
MIME-Version: 1.0
To: Tom Rhodes <trhodes@FreeBSD.org>
References: <49E796E6.70709@gmail.com>
	<20090424022336.3f4c6792.trhodes@FreeBSD.org>
In-Reply-To: <20090424022336.3f4c6792.trhodes@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Chris Pepper <pepper@cbio.mskcc.org>,
	"freebsd-doc@freebsd.org" <freebsd-doc@freebsd.org>,
	Gabor Kovesdan <gabor@FreeBSD.org>,
	Giorgos Keramidas <keramida@freebsd.org>, Gabor PALI <pgj@FreeBSD.org>
Subject: Re: [PATCH] for the 'firewalls' chapter
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Apr 2009 08:17:14 -0000

Tom Rhodes wrote:
> Hey Manolis,
>
> My review, as promised, please see comments in line.  I'm sorry
> it came so late!  Thanks!
>
>   

Thank you Tom! Integrated most of your changes and the patch and build
are updated:

http://people.freebsd.org/~manolis/firewalls.diff

http://www.freebsdgr.org/handbook-mine/firewalls.html

Few more comments below:
>     <acronym>ALTQ</acronym> with
> -      <acronym>PF</acronym>.  Traffic shaping for <acronym>IPFILTER</acronym> can currently
> -      be done with <acronym>IPFILTER</acronym> for NAT and filtering and
> +      <acronym>PF</acronym>.  Traffic shaping for IPFILTER can currently
> +      be done with IPFILTER for NAT and filtering and
>        <acronym>IPFW</acronym> with &man.dummynet.4;
>
> Too many "and" in this sentence.  How about:
>
> "Traffic shaping for IPFILTER can currently be done with IPFILTER
> for NAT.  IPFW filtering is handled via the &man.dummynet.4;
> driver ..."
>
> Perhaps the entire paragraph should be re-worded after we
> commit these other changes?
>
>   

Yes, the entire paragraph makes no sense for me.   If you (or anyone
else) can come up with an alternative, it would be nice to include in
this (already too long) patch...

> Are we using "rule set" or "ruleset" because up above it was just
> one word.  We should come to a conclusion and run a %s/one/right one/g
> across this chapter then.  :)
>
>
>   

True. I changed everything to 'ruleset' for consistency.

> +	
>  	<para>There is no way to match ranges of IP addresses which
> -	  do not express themselves easily as mask-length.  See this
> +	  do not express themselves easily using the dotted numeric
> +	  form / mask-length notation.  See this
>  	  web page for help on writing mask-length: <ulink
>  	    url="http://jodies.de/ipcalc"></ulink>.</para>
>
> It's a port too, that ipcalc utility.  :)
>
>
>   

Added this info too, thanks!

>  	<para>There are some additional configuration statements that
>  	  need to be enabled to activate the <acronym>NAT</acronym>
> -	  function of IPFW.  The kernel source needs 'option IPDIVERT'
> +	  function of IPFW.  The kernel source needs <literal>option IPDIVERT</literal>
>
>
> I've always used:
>
> <programlisting>option	SOMEOPTION</programlisting>
>
> But that's probably not a huge deal.
>
>   

Well, I prefer <literal> for in-paragraph one liners and
<programlisting> for longer separate sections.


Cheers,
manolis@