Date:      Tue, 11 May 2004 04:08:23 +0300
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Warren Block <wblock@wonkity.com>
Cc:        doc@freebsd.org
Subject:   Re: docs/66442: [PATCH] proposed dialup-firewall article wording change
Message-ID:  <20040511010823.GH27645@gothmog.gr>
In-Reply-To: <20040510054824.V7383@wonkity.com>
References:  <200405100928.i4A9STqI041982@www.freebsd.org> <20040510054824.V7383@wonkity.com>

On 2004-05-10 06:01, Warren Block <wblock@wonkity.com> wrote:
> On Mon, 10 May 2004, Giorgos Keramidas wrote:
> > Both paragraphs listed in the diff below start with "First".  Surely
> > one of them must be "second" :-)
> > [snip]
> >      <para>First, let's start with the basics of closed firewalling.
> >        Closed firewalling is based on the idea that everything is denied
> >        by default.  The system administrator may then explicitly add
> >        rules for traffic that he or she would like to allow.  Rules
> >        should be in the order of allow first, and then deny.  The premise
> >        is that you add the rules for everything you would like to allow,
> >        and then everything else is automatically denied.</para>
>
> Eliminate the first sentence entirely.  Actually:
>
>         A closed firewall has everything denied by default.  The system
>         administrator may then add rules to allow desired traffic.
>         Rules that allow traffic are listed first, and then everything
>         else is denied.
>
>         Let's create the directory where we will store our
>         firewall rules.  For this example, we'll use <filename
>         class="directory">/etc/firewall</filename>. Change into the
>         directory and edit the file <filename>fwrules</filename> as
>         specified in <filename>rc.conf</filename>.  (This filename
>         can be anything you wish, as long as it matches the name given
>         in <filename>rc.conf</filename>.)

Oh, nice!

I see that Josef has already committed the previous version, but...  If
someone wants to recommit, changing the text to match Warren's wording,
feel free to make the change.  I'm not particularly fanatic about this
or that option and I do like this better :)

Giorgos


