Changeset 1ef78bc for postlfs

Timestamp:

07/21/2005 08:18:59 PM (19 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

91a3570

Parents:

2bc0646

Message:

Fixed minor typos and grammar changes to Firewalling instructions

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4749 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/firewalling.xml (modified) (15 diffs)

postlfs/security/firewalling.xml

@@ -46 +46 @@
     need to keep applications and daemons on your system properly
     configured and up to date.  A firewall is not a cure all, but should
-    be an essential part of your overall security startegy.</para>
+    be an essential part of your overall security strategy.</para>
 
   </sect2>
@@ -58 +58 @@
       <title><xref linkend="fw-persFw"/></title>
 
-      <para>This is a hardware device or software program commercially
-      sold by companies such as Symantec which claims that it secures
-      a home or desktop computer with Internet access. This type of
-      firewall is highly relevant for users who do not know how their
+      <para>This is a hardware device or software program commercially sold (or
+      offered via freeware) by companies such as Symantec which claims that
+      it secures a home or desktop computer connected to the Internet. This
+      type of firewall is highly relevant for users who do not know how their
       computers might be accessed via the Internet or how to disable
       that access, especially if they are always online and connected
@@ -88 +88 @@
       forgotten, performing masquerading or routing functions, but offering
       non-firewall services such as a web-cache or mail.  This may be used
-      for home networks, but is not be considered as secure as a firewall
+      for home networks, but is not to be considered as secure as a firewall
       only machine because the combination of server and router/firewall on
       one machine raises the complexity of the setup.</para>
@@ -99 +99 @@
 
       <para>This box performs masquerading or routing, but grants public
-      access to some branch of your network which, because of public IP's
+      access to some branch of your network which, because of public IPs
       and a physically separated structure, is essentially a separate
       network with direct Internet access. The servers on this network are
@@ -113 +113 @@
       <para>This type of firewall does routing or masquerading, but does
       not maintain a state table of ongoing communication streams. It is
-      fast, but quite limited in its ability to block inappropriate packets
+      fast, but quite limited in its ability to block undesired packets
       without blocking desired packets.</para>
 
@@ -141 +141 @@
     </caution>
 
-    <para>The firewall configuration script installed in the last section
+    <para>The firewall configuration script installed in the iptables section
     differs from the standard configuration script. It only has two of
     the standard targets: start and status. The other targets are clear
-    and lock. For instance when you run:</para>
+    and lock. For instance if you issue:</para>
 
 <screen role="root"><userinput>/etc/rc.d/init.d/iptables start</userinput></screen>
@@ -255 +255 @@
 
       <para>This script is quite simple, it drops all traffic coming
-      in into your computer that wasn't initiated from your box, but
+      into your computer that wasn't initiated from your computer, but
       as long as you are simply surfing the Internet you are unlikely
       to exceed its limits.</para>
 
       <para>If you frequently encounter certain delays at accessing
-      ftp-servers, take a look at <xref linkend="fw-BB-4"/>.</para>
+      FTP servers, take a look at <xref linkend="fw-BB-4"/>.</para>
 
       <para>Even if you have daemons or services running on your system,
@@ -280 +280 @@
       servers running on it such as <application>X11</application> et
       al. As a general principle, the firewall itself should not access
-      any untrusted service (Think of a remote server giving answers that
-      makes a daemon on your system crash, or, even worse, that implements
+      any untrusted service (think of a remote server giving answers that
+      makes a daemon on your system crash, or even worse, that implements
       a worm via a buffer-overflow).</para>
 
@@ -389 +389 @@
       <note>
         <para>If the interface you're connecting to the Internet
-        doesn't connect via ppp, you will need to change
-        <replaceable>ppp+</replaceable> to the name of the interface,
-        e.g. <emphasis role="strong">eth1</emphasis>, which you are
+        doesn't connect via PPP, you will need to change
+        <replaceable>ppp+</replaceable> to the name of the interface
+        (e.g., <emphasis role="strong">eth1</emphasis>) which you are
         using.</para>
       </note>
@@ -420 +420 @@
       <xref linkend="fw-masqRouter"/> for some more details.</para>
 
-      <para>If you want to add services such as internal samba or
+      <para>If you want to add services such as internal Samba or
       name servers that do not need to access the Internet themselves,
       the additional statements are quite simple and should still be
@@ -460 +460 @@
         <listitem>
           <para>Your caching name server (e.g., named) does its
-          lookups via udp:</para>
+          lookups via UDP:</para>
 
 <screen><literal>iptables -A OUTPUT -p udp --dport 53 -j ACCEPT</literal></screen>
@@ -466 +466 @@
         </listitem>
         <listitem>
-          <para>You want to be able to ping your box to
+          <para>You want to be able to ping your computer to
           ensure it's still alive:</para>
 
@@ -475 +475 @@
         <listitem>
           <para><anchor id='fw-BB-4' xreflabel="BusyBox example number 4"/>If
-          you are frequently accessing ftp servers or enjoy chatting, you might
+          you are frequently accessing FTP servers or enjoy chatting, you might
           notice certain delays because some implementations of these daemons
           have the feature of querying an identd on your system to obtain
@@ -555 +555 @@
     <title>Extra Information</title>
 
-    <sect3 id="fw-library" xreflabel="Links for further reading">
-      <title>Where to Start with Further Reading on Firewalls.</title>
+    <sect3 id="fw-library" xreflabel="links for further reading">
+      <title>Where to Start with Further Reading on Firewalls</title>
 
       <blockquote>
@@ -591 +591 @@
 
 </sect1>
-