Date: Tue, 18 Feb 2014 21:30:20 +0000 (UTC)
From: Dru Lavigne <dru@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r43987 - head/en_US.ISO8859-1/books/handbook/firewalls
Message-ID: <201402182130.s1ILUKKu057822@svn.freebsd.org>
Author: dru Date: Tue Feb 18 21:30:19 2014 New Revision: 43987 URL: http://svnweb.freebsd.org/changeset/doc/43987 Log: Prep work for next round of edits. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Tue Feb 18 21:05:36 2014 (r43986) +++ head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml Tue Feb 18 21:30:19 2014 (r43987) @@ -1191,30 +1191,8 @@ pass inet proto tcp from any to $localne <programlisting>/usr/local/sbin/expiretable -v -d -t 24h bruteforce</programlisting> </sect3> - <sect3 xml:id="pftut-tools"> - <title>Other <application>PF</application> Tools</title> - - <para>Over time, a number of tools have been developed which - interact with <application>PF</application> in various - ways.</para> - - <sect4 xml:id="pftut-pftop"> - <title>The <application>pftop</application> Traffic - Viewer</title> - - <para>Can Erkin Acar's <application>pftop</application> - makes it possible to keep an eye on what passes into and - out of the network. <application>pftop</application> is - available through the ports system as - <package>sysutils/pftop</package>. The name is a strong - hint at what it does - <application>pftop</application> - shows a running snapshot of traffic in a format which is - strongly inspired by &man.top.1;.</para> - </sect4> - - <sect4 xml:id="pftut-spamd"> - <title>The <application>spamd</application> Spam Deferral - Daemon</title> + <sect3 xml:id="pftut-spamd"> + <title>Protecting Against <acronym>SPAM</acronym></title> <para>Not to be confused with the <application>spamd</application> daemon which comes 
@@ -1249,11 +1227,7 @@ pass inet proto tcp from any to $localne implementation with one byte SMTP replies is often referred to as <firstterm>stuttering</firstterm>.</para> - <sect5 xml:id="pftut-spamd-allblack"> - <title>A Basic Blacklisting - <application>spamd</application></title> - - <para>Here is the basic procedure for setting up + <para>This example demonstrates the basic procedure for setting up <application>spamd</application> with automatically updated blacklists:</para> @@ -1392,11 +1366,9 @@ rdr pass on $ext_if inet proto tcp from <para>On a typical gateway in front of a mail server, hosts will start getting trapped within a few seconds to several minutes.</para> - </sect5> - <sect5 xml:id="pftut-spamd-greylist"> - <title>Adding Greylisting to the - <application>spamd</application> Setup</title> + <sect4 xml:id="pftut-spamd-greylist"> + <title>Adding Greylisting to the Setup</title> <para><application>spamd</application> also supports <firstterm>greylisting</firstterm>, which works by 
@@ -1505,20 +1477,16 @@ rdr pass on $ext_if inet proto tcp from administrator's main interface to managing the black, grey and white lists via the contents of the <filename>/var/db/spamdb</filename> database.</para> - </sect5> </sect4> + </sect3> - <sect4 xml:id="pftut-hygiene"> - <title>Network Hygiene: Blocking, Scrubbing and so - On</title> - - <para>Our gateway does not feel quite complete without a few - more items in the configuration which will make it behave - a bit more sanely towards hosts on the wide net and our - local network.</para> + <sect3 xml:id="pftut-hygiene"> + <title>Network Hygiene</title> - <sect5 xml:id="pftut-blockpolicy"> - <title><literal>block-policy</literal></title> + <para>This section describes how + <literal>block-policy</literal>, <literal>scrub</literal>, + and <literal>antispoof</literal> can be used to make the + ruleset behave sanely.</para> <para><literal>block-policy</literal> is an option which can be set in the <literal>options</literal> part of the @@ -1539,10 +1507,6 @@ rdr pass on $ext_if inet proto tcp from returns:</para> <programlisting>set block-policy return</programlisting> - </sect5> - - <sect5 xml:id="pftut-scrub"> - <title><literal>scrub</literal></title> <para>In <application>PF</application> versions up to OpenBSD 4.5 inclusive, <literal>scrub</literal> is a @@ -1573,10 +1537,6 @@ rdr pass on $ext_if inet proto tcp from possible, and you should be able to cater to various specific needs by consulting the man pages and some experimentation.</para> - </sect5> - - <sect5 xml:id="pftut-antispoof"> - <title><literal>antispoof</literal></title> <para><literal>antispoof</literal> is a common special case of filtering and blocking. This mechanism protects 
@@ -1591,9 +1551,9 @@ rdr pass on $ext_if inet proto tcp from <programlisting>antispoof for $ext_if antispoof for $int_if</programlisting> - </sect5> + </sect3> - <sect5 xml:id="pftut-unrouteables"> + <sect3 xml:id="pftut-unrouteables"> <title>Handling Non-Routable Addresses from Elsewhere</title> @@ -1643,9 +1603,24 @@ block drop out quick on $ext_if from any xlink:href="http://home.nuug.no/~peter/pf/">http://home.nuug.no/~peter/pf/</link>, where you will also find slides from related presentations.</para> - </sect5> - </sect4> </sect3> + + <sect3 xml:id="pftut-pftop"> + <title>Viewing Traffic</title> + + <para>Over time, a number of tools have been developed which + interact with <application>PF</application> in various + ways.</para> + + <para>Can Erkin Acar's <application>pftop</application> + makes it possible to keep an eye on what passes into and + out of the network. <application>pftop</application> is + available through the ports system as + <package>sysutils/pftop</package>. The name is a strong + hint at what it does - <application>pftop</application> + shows a running snapshot of traffic in a format which is + strongly inspired by &man.top.1;.</para> + </sect3> </sect2> </sect1>
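Review bot: In the @@ -1191,30 +1191,8 hunk, the new title `<title>Protecting Against <acronym>SPAM</acronym></title>` tags "SPAM" as an acronym, but spam is an ordinary word and not an abbreviation, so the markup and capitalisation are both misleading. Suggest `<title>Protecting Against Spam</title>`. The same hunk drops xml:id="pftut-tools", so any xref or external link that targets that id will need to be repointed.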
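Review bot: In the @@ -1249,11 +1227,7 hunk, removing `<sect5 xml:id="pftut-spamd-allblack">` and its title leaves the blacklisting procedure as untitled body text of pftut-spamd, while the greylisting setup keeps its own titled section (pftut-spamd-greylist, promoted to sect4 in the @@ -1392,11 +1366,9 hunk). If the two modes are meant to read as parallel configurations, keep the blacklist setup in a sect4 that retains the pftut-spamd-allblack id. Otherwise readers lose the heading that separates the two procedures, and links to that id stop resolving.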
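Review bot: In the @@ -1505,20 +1477,16 hunk, the new introductory para promises only that block-policy, scrub and antispoof "make the ruleset behave sanely", which gives the reader no idea what each option controls or why it matters for a gateway. Suggest one clause per option saying what it does. Together with the @@ -1539,10 +1507,6 and @@ -1573,10 +1537,6 hunks, this change also removes the sect5 titles and the ids pftut-blockpolicy, pftut-scrub and pftut-antispoof, so the three topics now run together under "Network Hygiene" with no headings or anchors. If that is intentional prep for a later rewrite, say so in the log. Otherwise keep them as sect4 sections.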
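Review bot: In the @@ -1643,9 +1603,24 hunk, the para "Over time, a number of tools have been developed which interact with PF in various ways" was the lead-in to the removed "Other PF Tools" section and no longer fits under `<title>Viewing Traffic</title>`, where pftop is the only tool described. Suggest dropping it or rewording it to introduce pftop directly. In the following para, "hint at what it does - pftop shows" uses a bare hyphen as a dash; since these lines are being re-added anyway, this would be the place to switch to the dash entity.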