Fix typos and some rewording in Firewall chapter

PR:     265455
main
ghislain 6 days ago committed by Sergio Carlavilla Delgado
parent
commit
f4e8db9335
documentation/content/en/books/handbook/firewalls/_index.adoc (6 lines changed)

@ -2452,7 +2452,7 @@ For example: `icmp 3/3` for a port unreachable message.
[[firewalls-blacklistd]]
== Blacklistd
Blacklistd is a daemon listening to sockets to receive notifications from other daemons about connection attempts that failed or were successful.
Blacklistd is a daemon listening to sockets awaiting to receive notifications from other daemons about connection attempts that failed or were successful.
It is most widely used in blocking too many connection attempts on open ports.
A prime example is SSH running on the internet getting a lot of requests from bots or scripts trying to guess passwords and gain access.
Using blacklistd, the daemon can notify the firewall to create a filter rule to block excessive connection attempts from a single source after a number of tries. Blacklistd was first developed on NetBSD and appeared there in version 7.
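Review bot: The rewording in the first hunk, "listening to sockets awaiting to receive notifications", is not idiomatic English; "awaiting to receive" should be "awaiting notifications" or "waiting to receive notifications", so the line would read "Blacklistd is a daemon listening to sockets, waiting to receive notifications from other daemons about connection attempts that failed or were successful." While touching this paragraph, the last context line carries two sentences ("...after a number of tries. Blacklistd was first developed on NetBSD and appeared there in version 7."), which breaks the one-sentence-per-line convention used by the rest of this AsciiDoc file; splitting it would keep future diffs minimal.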
@ -2501,7 +2501,7 @@ ssh stream * * * 3 24h
All rules that follow the `[local]` section are treated as local rules (which is the default), applying to the local machine.
When a `[remote]` section is encountered, all rules that follow it are handled as remote machine rules.
Seven fields define a rule separated by either tabs or spaces.
Seven fields separated by either tabs or spaces define a rule.
The first four fields identify the traffic that should be blocklisted.
The three fields that follow define backlistd's behavior.
Wildcards are denoted as asterisks (`*`), matching anything in this field.
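Review bot: The modifier fix in the second hunk ("Seven fields separated by either tabs or spaces define a rule.") is correct, but the context line two lines below still reads "define backlistd's behavior", where "backlistd" is a typo for "blacklistd"; since this commit is titled as a typo fix, it should be corrected in the same change. Consider also "The first four fields identify the traffic to be blocklisted." for consistency with the surrounding wording.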
@ -2593,7 +2593,7 @@ To explain it, this example rule is used:
The address field can be an IP address (either v4 or v6), a port or both.
This allows setting special rules for a specific remote address range like in this example.
The fields for type, protocol and owner are identically interpreted as in the local rule.
The fields for socket type, protocol and owner are identically interpreted as in the local rule.
The name fields is different though: the equal sign (`=`) in a remote rule tells blacklistd to use the value from the matching local rule.
It means that the firewall rule entry is taken and the `/25` prefix (a netmask of `255.255.255.128`) is added.
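Review bot: Adding "socket" before "type" in the third hunk matches the field name used in the rule format, but the following context line, "The name fields is different though:", has a number-agreement error and should read "The name field is different though:"; that line also belongs in a typo-fix commit. The closing sentence, "It means that the firewall rule entry is taken and the `/25` prefix (a netmask of `255.255.255.128`) is added.", would read more clearly as "This means the firewall rule entry from the local rule is reused, with the `/25` prefix (a netmask of `255.255.255.128`) added."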