r4749 - trunk/BOOK/postlfs/security

randy at linuxfromscratch.org
Thu Jul 21 13:18:59 PDT 2005


Author: randy
Date: 2005-07-21 14:18:59 -0600 (Thu, 21 Jul 2005)
New Revision: 4749

Modified:
   trunk/BOOK/postlfs/security/firewalling.xml
Log:
Fixed minor typos and grammar changes to Firewalling instructions

Modified: trunk/BOOK/postlfs/security/firewalling.xml
===================================================================
--- trunk/BOOK/postlfs/security/firewalling.xml	2005-07-21 15:58:37 UTC (rev 4748)
+++ trunk/BOOK/postlfs/security/firewalling.xml	2005-07-21 20:18:59 UTC (rev 4749)
@@ -45,7 +45,7 @@
     patched after an exploit went public.  Despite having a firewall, you
     need to keep applications and daemons on your system properly
     configured and up to date.  A firewall is not a cure all, but should
-    be an essential part of your overall security startegy.</para>
+    be an essential part of your overall security strategy.</para>
 
   </sect2>
 
@@ -57,10 +57,10 @@
     <sect3>
       <title><xref linkend="fw-persFw"/></title>
 
-      <para>This is a hardware device or software program commercially
-      sold by companies such as Symantec which claims that it secures
-      a home or desktop computer with Internet access. This type of
-      firewall is highly relevant for users who do not know how their
+      <para>This is a hardware device or software program commercially sold (or
+      offered via freeware) by companies such as Symantec which claims that
+      it secures a home or desktop computer connected to the Internet. This
+      type of firewall is highly relevant for users who do not know how their
       computers might be accessed via the Internet or how to disable
       that access, especially if they are always online and connected
       via broadband links.</para>
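Review bot: in the rewritten first sentence, "which claims that it secures" now sits directly after "companies such as Symantec", so it reads as if the companies (or Symantec) make the claim rather than the device or program; consider "sold (or offered as freeware) by companies such as Symantec, that claims to secure a home or desktop computer connected to the Internet", or move the clause next to its subject. "offered via freeware" is also awkward; "offered as freeware" is the usual phrasing.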
@@ -87,7 +87,7 @@
       <para>This is often an old computer you may have retired and nearly
       forgotten, performing masquerading or routing functions, but offering
       non-firewall services such as a web-cache or mail.  This may be used
-      for home networks, but is not be considered as secure as a firewall
+      for home networks, but is not to be considered as secure as a firewall
       only machine because the combination of server and router/firewall on
       one machine raises the complexity of the setup.</para>
 
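Review bot: "firewall only machine" in the context line after the change should be hyphenated as "firewall-only machine", since it is a compound modifier of "machine"; worth folding into this grammar pass while the paragraph is being touched.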
@@ -98,7 +98,7 @@
       Described Here]</title>
 
       <para>This box performs masquerading or routing, but grants public
-      access to some branch of your network which, because of public IP's
+      access to some branch of your network which, because of public IPs
       and a physically separated structure, is essentially a separate
       network with direct Internet access. The servers on this network are
       those which must be easily accessible from both the Internet and
@@ -112,7 +112,7 @@
 
       <para>This type of firewall does routing or masquerading, but does
       not maintain a state table of ongoing communication streams. It is
-      fast, but quite limited in its ability to block inappropriate packets
+      fast, but quite limited in its ability to block undesired packets
       without blocking desired packets.</para>
 
     </sect3>
@@ -140,10 +140,10 @@
       comprehensive information about building your own firewall.</para>
     </caution>
 
-    <para>The firewall configuration script installed in the last section
+    <para>The firewall configuration script installed in the iptables section
     differs from the standard configuration script. It only has two of
     the standard targets: start and status. The other targets are clear
-    and lock. For instance when you run:</para>
+    and lock. For instance if you issue:</para>
 
 <screen role="root"><userinput>/etc/rc.d/init.d/iptables start</userinput></screen>
 
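Review bot: "installed in the iptables section" is plain text where the rest of this file uses <xref linkend=.../> for cross-references (see the <title><xref linkend="fw-persFw"/></title> pattern earlier in the diff); an xref to the iptables page would keep the reference correct if that section is renamed or moved. Minor: "It only has two of the standard targets" reads better as "It has only two of the standard targets".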
@@ -254,12 +254,12 @@
 chmod 700 /etc/rc.d/rc.iptables</userinput></screen>
 
       <para>This script is quite simple, it drops all traffic coming
-      in into your computer that wasn't initiated from your box, but
+      into your computer that wasn't initiated from your computer, but
       as long as you are simply surfing the Internet you are unlikely
       to exceed its limits.</para>
 
       <para>If you frequently encounter certain delays at accessing
-      ftp-servers, take a look at <xref linkend="fw-BB-4"/>.</para>
+      FTP servers, take a look at <xref linkend="fw-BB-4"/>.</para>
 
       <para>Even if you have daemons or services running on your system,
       these will be inaccessible everywhere but from your computer itself.
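Review bot: "This script is quite simple, it drops all traffic ..." is a comma splice; use a colon or semicolon ("This script is quite simple: it drops all traffic coming into your computer that wasn't initiated from your computer"). The rewritten line also now says "your computer" twice in one clause; "that wasn't initiated locally" would avoid the repetition.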
@@ -279,8 +279,8 @@
       for the firewall itself, make sure that there are no unnecessary
       servers running on it such as <application>X11</application> et
       al. As a general principle, the firewall itself should not access
-      any untrusted service (Think of a remote server giving answers that
-      makes a daemon on your system crash, or, even worse, that implements
+      any untrusted service (think of a remote server giving answers that
+      makes a daemon on your system crash, or even worse, that implements
       a worm via a buffer-overflow).</para>
 
 <screen role="root"><userinput>cat > /etc/rc.d/rc.iptables << "EOF"
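Review bot: subject-verb agreement in the new line: "a remote server giving answers that makes a daemon on your system crash" should be "answers that make a daemon ... crash", since the subject is "answers". While here, "or even worse, that implements a worm via a buffer-overflow" would read more naturally as "or, even worse, that delivers a worm via a buffer overflow" ("buffer overflow" is normally unhyphenated as a noun).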
@@ -388,9 +388,9 @@
 
       <note>
         <para>If the interface you're connecting to the Internet
-        doesn't connect via ppp, you will need to change
-        <replaceable>ppp+</replaceable> to the name of the interface,
-        e.g. <emphasis role="strong">eth1</emphasis>, which you are
+        doesn't connect via PPP, you will need to change
+        <replaceable>ppp+</replaceable> to the name of the interface
+        (e.g., <emphasis role="strong">eth1</emphasis>) which you are
         using.</para>
       </note>
 
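Review bot: markup inconsistency in the rewritten lines: the placeholder ppp+ is tagged <replaceable> while the example value eth1 is tagged <emphasis role="strong">; both are interface names the reader substitutes into the rule, so tagging eth1 with <replaceable> (or <literal>) would be consistent with the rest of the file. Also, since the rule matches on the interface name ppp+, "doesn't connect via PPP" might be clearer as "is not a PPP interface" so the reader links the sentence to the wildcard being replaced.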
@@ -419,7 +419,7 @@
       not run any extra services.  See the introduction to the
       <xref linkend="fw-masqRouter"/> for some more details.</para>
 
-      <para>If you want to add services such as internal samba or
+      <para>If you want to add services such as internal Samba or
       name servers that do not need to access the Internet themselves,
       the additional statements are quite simple and should still be
       acceptable from a security standpoint. Just add the following lines
@@ -459,13 +459,13 @@
         </listitem>
         <listitem>
           <para>Your caching name server (e.g., named) does its
-          lookups via udp:</para>
+          lookups via UDP:</para>
 
 <screen><literal>iptables -A OUTPUT -p udp --dport 53 -j ACCEPT</literal></screen>
 
         </listitem>
         <listitem>
-          <para>You want to be able to ping your box to
+          <para>You want to be able to ping your computer to
           ensure it's still alive:</para>
 
 <screen><literal>iptables -A INPUT  -p icmp -m icmp --icmp-type echo-request -j ACCEPT
@@ -474,7 +474,7 @@
         </listitem>
         <listitem>
           <para><anchor id='fw-BB-4' xreflabel="BusyBox example number 4"/>If
-          you are frequently accessing ftp servers or enjoy chatting, you might
+          you are frequently accessing FTP servers or enjoy chatting, you might
           notice certain delays because some implementations of these daemons
           have the feature of querying an identd on your system to obtain
           usernames. Although there's really little harm in this, having an
@@ -554,8 +554,8 @@
   <sect2 id="postlfs-security-fw-extra" xreflabel="Extra Information">
     <title>Extra Information</title>
 
-    <sect3 id="fw-library" xreflabel="Links for further reading">
-      <title>Where to Start with Further Reading on Firewalls.</title>
+    <sect3 id="fw-library" xreflabel="links for further reading">
+      <title>Where to Start with Further Reading on Firewalls</title>
 
       <blockquote>
         <literallayout>
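Review bot: lowercasing the xreflabel to "links for further reading" changes the rendered text of every <xref linkend="fw-library"/> in the book; if any such xref begins a sentence, it will now render in lowercase. Check the referencing sites (or keep the original capitalisation) before committing; the title change on the next line, which only drops the trailing period, is independent of the xreflabel and is fine as is.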
@@ -590,4 +590,3 @@
   </sect2>
 
 </sect1>
-



