docs/93764: [patch] addition to firewalls section - ipfw
Ceri Davies
ceri at submonkey.net
Fri Feb 24 11:00:18 UTC 2006
The following reply was made to PR docs/93764; it has been noted by GNATS.
From: Ceri Davies <ceri at submonkey.net>
To: Daniel Gerzo <danger at rulez.sk>,
<FreeBSD-gnats-submit at FreeBSD.org>
Cc:
Subject: Re: docs/93764: [patch] addition to firewalls section - ipfw
Date: Fri, 24 Feb 2006 10:52:24 +0000
On 23/2/06 19:16, "Daniel Gerzo" <danger at rulez.sk> wrote:
Daniel,
Welcome to your first proper review by me. We hope that you don't squirm
too much. :)
> @@ -2283,7 +2283,50 @@
>
> <para>Set the script to run to activate your rules:</para>
>
> - <programlisting>firewall_script="/etc/ipfw.rules"</programlisting>
> + <programlisting>firewall_script="/etc/rc.firewall"</programlisting>
That's the default, so perhaps we can get away with not specifying this at all.
> +
> + <para>Set the type of firewall. This enables a simple pre-set
> + ruleset for <application>IPFW</application>:</para>
> +
> + <programlisting>firewall_type="open"</programlisting>
> +
> + <para>Available values for this setting are:</para>
This is the handbook. We can get away with an actual paragraph explaining
this pre-set ruleset thing. I think that the above is too brief and
presupposes that I know what you're saying already.
> + <itemizedlist>
> + <listitem>
> + <para><literal>open</literal> — allow anyone in.</para>
> + </listitem>
That text isn't good. "Pass all traffic" perhaps?
> + <listitem>
> + <para><literal>client</literal> — will protect only this
> + machine.</para>
> + </listitem>
> + <listitem>
> + <para><literal>simple</literal> — protect the whole
> + network.</para>
Do what now? So I can run this on a FreeBSD machine and do without a
firewall? Sweet! Seriously though, "protect the whole network" is
misleading in the absence of context.
> + </listitem>
> + <listitem>
> + <para><literal>closed</literal> — entirely disables IP
> + services except via lo0 interface.</para>
s/services/traffic/, s/via/via the/
> + </listitem>
> + <listitem>
> + <para><literal>UNKNOWN</literal> — disables the loading
> + of firewall rules.</para>
> + </listitem>
> + <listitem>
> + <para><replaceable>filename</replaceable> — will load the rules
> + in the given filename (full path required).</para>
s/full/absolute/
> + </listitem>
> + </itemizedlist>
> +
> + <note>
> + <para>If <literal>firewall_type</literal> is set either to
> + <literal>client</literal> or <literal>simple</literal>, the
> + default rules found in <filename>/etc/rc.firewall</filename>
> + should be reviewed to fit to the setup of the given machine.
Try to avoid the word "setup" if you can. Try one of "purpose",
"configuration", "services", "function", etc.
> + Also note, that the examples used in this chapter expect that
That comma doesn't belong there.
> + the <literal>firewall_type</literal> is set to
> + <filename>/etc/ipfw.rules</filename>.</para>
> + </note>
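Review bot: The new programlisting sets firewall_type="open", but the closing note says the chapter's examples expect firewall_type to be /etc/ipfw.rules, so a reader who copies the listing gets the preset described as "allow anyone in" rather than the ruleset the rest of the chapter relies on. Because the hunk also changes firewall_script from /etc/ipfw.rules to /etc/rc.firewall, I would show firewall_type="/etc/ipfw.rules" in the listing and present the presets as alternatives, or at least move the note above the listing. Separately, the UNKNOWN item says rule loading is disabled without saying what policy is then in effect; one sentence stating that would keep readers from guessing whether the host ends up open or closed.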
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere