Context Navigation

-              r5e18c49c
+              rc2ee009c
 <para>These are only examples to show you some of the capabilities of the new
 firewalling-code in Linux-Kernel 2.4. Have a look at the man page of
+firewall code in Linux-Kernel 2.4. Have a look at the man page of
 iptables.
 There you will find more of them. The port-numbers you'll need for this
 can be found in <filename>/etc/services</filename>, in case you didn't
 find them by trial and error in your logfile.</para>
+find them by trial and error in your log file.</para>
 <para>If you add any of your offered or accessed services such as the above,

postlfs/security/firewalling/disclaimer.xml

-              r5e18c49c
+              rc2ee009c
 is a complex issue that requires careful configuration.
 The scripts quoted here are simply intended to give examples as to how
 firewalling works, they are not intended to fit into any imaginable
+a firewall works, they are not intended to fit into any imaginable
 configuration and may not prevent any imaginable attack.</para>
 <para>The purpose of this text is simply to give you a hint on how to get
 started with firewalling.</para>
+started with a firewall.</para>
 <para>Customization of these scripts for your specific situation will
 be necessary for an optimal configuration, but you should make a serious
 study of the iptables documentation and firewalling in general before hacking
+study of the iptables documentation and creating firewalls in general before hacking
 away.  Have a look at the list of <xref linkend="postlfs-security-fw-library"/> at the end
 of this section for more details.  Here you will find a list of URLs that

-              r5e18c49c
+              rc2ee009c
 buffer-overflows and any other imaginable problem regarding its
 security, and where you trusted every user accessing your services
 to aim no harm, you wouldn't need to do firewalling!
+to aim no harm, you wouldn't need to do have a firewall!
 In the real world however, daemons may be misconfigured,
 exploits against essential services are freely available, you
 …
 To minimize the risk of compromising the firewall itself it
 should generally have only one role, that of protecting the intranet.
 Although not completely riskless, the tasks of doing the routing
+Although not completely risk free, the tasks of doing the routing
 and eventually IP masquerading (rewriting IP-headers
 of the packets it routes from clients with private IP-addresses onto

-              r5e18c49c
+              rc2ee009c
 <sect2 id="postlfs-security-fw-kernel" xreflabel="getting a firewalling-enabled Kernel">
 <title>Getting a firewalling-enabled Kernel</title>
+<title>Getting a firewall enabled Kernel</title>
 <para>If you want your Linux-Box to do firewalling you must first ensure
+<para>If you want your Linux-Box to have a firewall, you must first ensure
 that your kernel has been compiled with the relevant options turned on
 <!-- <footnote><para>If you needed assistance howto configure, compile and install
+<!-- <footnote><para>If you needed assistance how to configure, compile and install
 a new kernel, refer back to chapter VIII of the LinuxFromScratch book,
 <ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/kernel.html">Installing a kernel</ulink>
 …
 <!--
 <table frame='none'>
 <title>Essential config-options for a firewalling-enabled Kernel</title>
+<title>Essential config-options for a firewall enabled Kernel</title>
 <tgroup cols='5'>
 …
 <entry><userinput>Fast switching</userinput></entry>
 <entry>Make sure to disable it because it would setup a bypass around
 your firewalling-rules.</entry>
+your firewall rules.</entry>
 <entry>w\</entry>
 <entry>CONFIG_NET_FASTROUTE</entry>

r5e18c49c	rc2ee009c
1	1	<sect3 id="postlfs-security-fw-library" xreflabel="Links for further reading">
2		<title>Where to start with further reading on firewall~~ing~~.</title>
	2	<title>Where to start with further reading on firewalls.</title>
3	3
4	4	<para><blockquote><literallayout>

-              r5e18c49c
+              rc2ee009c
 echo "of the quoted configuration rules."
 echo "You can find some quite comprehensive information"
 echo "about firewalling in Chapter 4 of the BLFS book."
 echo "http://beyond.linuxfromscratch.org/"
+echo "about firewalls in Chapter 4 of the BLFS book."
+echo "http://www.linuxfromscratch.org/blfs"
 echo

r5e18c49c	rc2ee009c
2	2	<title>firewall.stop</title>
3	3
4		<para>If you need to turn ~~firewalling~~ off, this script will do it:</para>
	4	<para>If you need to turn the firewall off, this script will do it:</para>
5	5
6	6	<screen><userinput><command>cat > /etc/rc.d/init.d/firewall.stop << "EOF"</command>

-              r5e18c49c
+              rc2ee009c
 <title>iptables-&iptables-version;</title>
 <para>The next part of this chapter deals with firewalling.  The
 principle firewalling tool for Linux, as of the 2.4 kernel series, is
+<para>The next part of this chapter deals with firewalls.  The
+principle firewall tool for Linux, as of the 2.4 kernel series, is
 <application>iptables</application>.  It replaces
 <application>ipchains</application> from the 2.2 series and
 <application>ipfwadm</application> from the
 .0 series. You will need to install <application>iptables</application> if
 you intend on using any form of firewalling.</para>
+you intend on using any form of a firewall.</para>
 &iptables-intro;

r5e18c49c	rc2ee009c
2	2	<title>Introduction to <application>iptables</application></title>
3	3
4		<para>To use ~~firewalling~~, as well as installing
	4	<para>To use a firewall, as well as installing
5	5	<application>iptables</application>, you will need
6	6	to configure the relevant options into your kernel. This is discussed

Note: See TracChangeset for help on using the changeset viewer.