author | keramida <keramida@FreeBSD.org> | 2002-10-22 22:36:56 +0000 |
---|---|---|
committer | keramida <keramida@FreeBSD.org> | 2002-10-22 22:36:56 +0000 |
commit | 307824c07da5a92a9bc14f18224dff1c5f6b88bd (patch) | |
tree | 9b3c0b2d6cda0add8e9e28a43ef7eb7244dc0b16 /share | |
parent | 28621bafdbf95bae34044d6da0eaf37589d27c55 (diff) | |
s/then/than/ where appropriate.
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man7/firewall.7 | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/share/man/man7/firewall.7 b/share/man/man7/firewall.7 index 9b19699..144f51d 100644 --- a/share/man/man7/firewall.7 +++ b/share/man/man7/firewall.7 @@ -43,10 +43,10 @@ or other purposes. .Pp Constructing a firewall may appear to be trivial, but most people get them wrong. The most common mistake is to create an exclusive -firewall rather then an inclusive firewall. An exclusive firewall +firewall rather than an inclusive firewall. An exclusive firewall allows all packets through except for those matching a set of rules. An inclusive firewall allows only packets matching the ruleset -through. Inclusive firewalls are much, much safer then exclusive +through. Inclusive firewalls are much, much safer than exclusive firewalls but a tad more difficult to build properly. The second most common mistake is to blackhole everything except the particular port you want to let through. TCP/IP needs to be able @@ -56,7 +56,7 @@ system daemons make reverse connections to the .Sy auth service in an attempt to authenticate the user making a connection. Auth is rather dangerous but the proper implementation is to return -a TCP reset for the connection attempt rather then simply blackholing +a TCP reset for the connection attempt rather than simply blackholing the packet. We cover these and other quirks involved with constructing a firewall in the sample firewall section below. .Sh IPFW KERNEL CONFIGURATION @@ -337,7 +337,7 @@ add 06000 deny all from any to any We've mentioned multi-homing hosts and binding services to internal or external addresses but we haven't really explained it. When you have a host with multiple IP addresses assigned to it, you can bind services run -on that host to specific IPs or interfaces rather then all IPs. Take +on that host to specific IPs or interfaces rather than all IPs. Take the firewall machine for example: With three interfaces and two exposed IP addresses on one of those interfaces, the firewall machine is known by 5 different |
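Review bot: in the @@ -43,10 hunk, both changed lines keep a sentence boundary in the middle of an mdoc source line ("+firewall rather than an inclusive firewall. An exclusive firewall" and "+through. Inclusive firewalls are much, much safer than exclusive"). mdoc source conventionally starts each new sentence on its own line so the formatter can apply end-of-sentence spacing. Since these lines are already being touched, consider breaking after "firewall." and "through.", or do the reflow as a separate whitespace-only commit so this one stays a pure s/then/than/ change. The spelling fixes themselves are right: both uses are comparisons ("rather than", "safer than").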
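Review bot: in the @@ -337,7 hunk, the context directly after the fixed line mixes spelled-out and numeric counts in one sentence ("With three interfaces and two exposed IP addresses" followed by "is known by 5 different"), and capitalises "With" after the colon in "for example: With three". Neither is introduced by this change, but a follow-up could use "five" and a lowercase "with" for consistency. The "rather than all IPs" correction on the changed line is right.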