Date: Fri, 24 Apr 2009 04:55:19 -0400
From: Tom Rhodes <trhodes@FreeBSD.org>
To: Manolis Kiagias <sonic2000gr@gmail.com>
Cc: pepper@cbio.mskcc.org, trhodes@FreeBSD.org, pgj@FreeBSD.org, freebsd-doc@FreeBSD.org, keramida@FreeBSD.org, gabor@FreeBSD.org
Subject: Re: [PATCH] for the 'firewalls' chapter
Message-ID: <20090424045519.337d3b4d.trhodes@FreeBSD.org>
In-Reply-To: <49F17583.4070200@gmail.com>
References: <49E796E6.70709@gmail.com> <20090424022336.3f4c6792.trhodes@FreeBSD.org> <49F17583.4070200@gmail.com>

On Fri, 24 Apr 2009 11:17:07 +0300
Manolis Kiagias <sonic2000gr@gmail.com> wrote:

> Tom Rhodes wrote:
> > Hey Manolis,
> >
> > My review, as promised, please see comments in line. I'm sorry
> > it came so late! Thanks!
> >
> >
>
> Thank you Tom! Integrated most of your changes and the patch and build
> are updated:
>
> http://people.freebsd.org/~manolis/firewalls.diff
>
> http://www.freebsdgr.org/handbook-mine/firewalls.html
>
> Few more comments below:
>
> > <acronym>ALTQ</acronym> with
> > - <acronym>PF</acronym>. Traffic shaping for <acronym>IPFILTER</acronym> can currently
> > - be done with <acronym>IPFILTER</acronym> for NAT and filtering and
> > + <acronym>PF</acronym>. Traffic shaping for IPFILTER can currently
> > + be done with IPFILTER for NAT and filtering and
> > <acronym>IPFW</acronym> with &man.dummynet.4;
> >
> > Too many "and" in this sentence. How about:
> >
> > "Traffic shaping for IPFILTER can currently be done with IPFILTER
> > for NAT. IPFW filtering is handled via the &man.dummynet.4;
> > driver ..."
> >
> > Perhaps the entire paragraph should be re-worded after we
> > commit these other changes?
> >
> >
>
> Yes, the entire paragraph makes no sense for me. If you (or anyone
> else) can come up with an alternative, it would be nice to include in
> this (already too long) patch...

Good. :) I just tried and really, perhaps it's just too early,
but I'm at a loss.

> > Are we using "rule set" or "ruleset" because up above it was just
> > one word. We should come to a conclusion and run a %s/one/right one/g
> > across this chapter then. :)
> >
> >
> >
>
> True. I changed everything to 'ruleset' for consistency.

Awesome.

> > +
> > <para>There is no way to match ranges of IP addresses which
> > - do not express themselves easily as mask-length. See this
> > + do not express themselves easily using the dotted numeric
> > + form / mask-length notation. See this
> > web page for help on writing mask-length: <ulink
> > url="http://jodies.de/ipcalc"></ulink>.</para>
> >
> > It's a port too, that ipcalc utility. :)
> >
> >
> >
>
> Added this info too, thanks!

Awesome.

> > <para>There are some additional configuration statements that
> > need to be enabled to activate the <acronym>NAT</acronym>
> > - function of IPFW. The kernel source needs 'option IPDIVERT'
> > + function of IPFW. The kernel source needs <literal>option IPDIVERT</literal>
> >
> >
> > I've always used:
> >
> > <programlisting>option SOMEOPTION</programlisting>
> >
> > But that's probably not a huge deal.
> >
> >
>
> Well, I prefer <literal> for in-paragraph one liners and
> <programlisting> for longer separate sections.

Sure, I'm fine with that. :)

-- 
Tom Rhodes

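Review bot: In the traffic-shaping hunk, the two `+` lines drop the `<acronym>` wrapper from IPFILTER while PF on the same `+` line and ALTQ and IPFW on the surrounding context lines keep it, so one sentence now mixes tagged and untagged firewall names. Either keep `<acronym>IPFILTER</acronym>` here or untag all four names in the same pass so the markup stays consistent across the paragraph.
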
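Review bot: In the mask-length hunk, the new wording "dotted numeric form / mask-length notation" on the `+` lines no longer matches the unchanged context line that follows, which still says "help on writing mask-length". Consider updating that context line to use the same term, so the reader can tell that the linked ipcalc page covers the notation the sentence has just introduced.
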
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090424045519.337d3b4d.trhodes>