Date:      Mon, 10 May 2004 06:01:16 -0600 (MDT)
From:      Warren Block <wblock@wonkity.com>
To:        Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: docs/66442: [PATCH] proposed dialup-firewall article wording change
Message-ID:  <20040510054824.V7383@wonkity.com>
In-Reply-To: <200405100928.i4A9STqI041982@www.freebsd.org>
References:  <200405100928.i4A9STqI041982@www.freebsd.org>

On Mon, 10 May 2004, Giorgos Keramidas wrote:

> Both paragraphs listed in the diff below start with "First".  Surely
> one of them must be "second" :-)

>      <para>First, let's start with the basics of closed firewalling.
>        Closed firewalling is based on the idea that everything is denied
>        by default.  The system administrator may then explicitly add
>        rules for traffic that he or she would like to allow.  Rules
>        should be in the order of allow first, and then deny.  The premise
>        is that you add the rules for everything you would like to allow,
>        and then everything else is automatically denied.</para>

Eliminate the first sentence entirely.  Actually:

        A closed firewall has everything denied by default.  The system
        administrator may then add rules to allow desired traffic.
        Rules that allow traffic are listed first, and then everything
        else is denied.

        Let's create the directory where we will store our
        firewall rules.  For this example, we'll use <filename
        class="directory">/etc/firewall</filename>. Change into the
        directory and edit the file <filename>fwrules</filename> as
        specified in <filename>rc.conf</filename>.  (This filename
        can be anything you wish, as long as it matches the name given
        in <filename>rc.conf</filename>.)

-Warren Block * Rapid City, South Dakota USA


