Timestamp:
05/30/2004 05:30:47 AM (20 years ago)
Author:
Bruce Dubbs <bdubbs@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
1dad4a4
Parents:
4ea49a31
Message:

Typos and punctuation

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2236 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

  • postlfs/security/firewalling/busybox.xml

    r4ea49a31 r1ea79a1  
    1111
    1212<para>Be cautious.  Every service you offer and have enabled makes your
    13 setup more complex and your box less secure: You induce the risks of
    14 misconfigured services or running a service with an exploitable bug, both risks
    15 that a firewall principally should be immune of. See the introduction to
     13setup more complex and your box less secure. You induce the risks of
     14misconfigured services or running a service with an exploitable bug.  A firewall
     15should generally not run any extra services. See the introduction to
    1616<xref linkend="postlfs-security-fw-masqRouter"/> for some more details.</para>
    1717
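Review bot: New lines 14-15 replace "both risks that a firewall principally should be immune of" with "A firewall should generally not run any extra services", which changes the meaning of the sentence rather than fixing a typo or punctuation as the commit message says. The new wording is clearer, but the message should mention the rewording. While line 13 is being touched, "You induce the risks of" could also become "You introduce the risk of".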
     
    3131iptables -A OUTPUT                                      -j ACCEPT</screen>
    3232
    33 <para>However, it is generally not advisable to leave OUTPUT unrestricted: you lose
    34 any control on trojans who'd like to "call home", and a bit of redundancy in case
     33<para>However, it is generally not advisable to leave OUTPUT unrestricted. You lose
     34any control over trojans who'd like to "call home", and a bit of redundancy in case
    3535you've (mis-)configured a service so that it does broadcast its existence to the
    3636world.</para>
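Review bot: On new line 34, "trojans who'd like to" still uses a personal pronoun for software, and context line 35 keeps "so that it does broadcast its existence". Since this commit is a wording pass, suggest "trojans that try to "call home"" and "so that it broadcasts its existence". That would make it easier to read the paragraph's warning about the unrestricted OUTPUT rule on line 31.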
     
    5959
    6060<listitem><para><anchor id='postlfs-security-fw-BB-4' xreflabel="example no. 4"/>If you are
    61 frequently accessing ftp-servers or enjoy chatting you might notice certain
     61frequently accessing ftp-servers or enjoy chatting, you might notice certain
    6262delays because some implementations of these daemons have the feature of
    63 querying an identd on your box for your username for logging.
     63querying an identd on your box for logging usernames.
    6464Although there's really no harm in this, having an identd running is not
    6565recommended because some implementations are known to be vulnerable.</para>
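Review bot: New line 63, "querying an identd on your box for logging usernames", drops the detail that it is your username the remote daemon asks for, and it can be read as the identd doing the logging. Suggest "querying an identd on your box for your username, which they then log". On line 61, "ftp-servers" would normally be written "FTP servers".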
     
    7171iptables -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT</screen></listitem>
    7272
    73 <listitem><para>To log and drop invalid packets, mostly harmless packets
    74 that came in after netfilter's timeout, sometimes scans:</para>
     73<listitem><para>To log and drop invalid packets (harmless packets
     74that came in after netfilter's timeout or some types of network scans):</para>
    7575
    7676<screen>iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix \
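Review bot: The parenthetical on new lines 73-74 now places "some types of network scans" under "harmless packets", where the old text kept the two apart ("mostly harmless packets ..., sometimes scans"). A reader may take this to mean scans are harmless, so suggest "(mostly harmless packets that came in after netfilter's timeout, but sometimes network scans)". The rule on line 76 matches only "-p tcp", which the sentence could also state.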