From acab08d0d5e4d1cc386d29e6ac08fb8f08818b7b Mon Sep 17 00:00:00 2001 From: paulgear Date: Fri, 30 Mar 2007 07:24:32 +0000 Subject: [PATCH] Comprehensive posessive pronoun review (it's only ever means 'it is' or 'it has') git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5757 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/CompiledPrograms.xml | 6 +++--- docs/Documentation.xml | 6 +++--- docs/IPSEC-2.6.xml | 4 ++-- docs/Introduction.xml | 4 ++-- docs/MAC_Validation.xml | 4 ++-- docs/Macros.xml | 4 ++-- docs/MultiISP.xml | 4 ++-- docs/Multiple_Zones.xml | 4 ++-- docs/Shorewall_and_Aliased_Interfaces.xml | 4 ++-- docs/XenMyWay-Routed.xml | 4 ++-- docs/XenMyWay.xml | 4 ++-- docs/dhcp.xml | 4 ++-- docs/netmap.xml | 6 +++--- docs/shorewall_extension_scripts.xml | 4 ++-- docs/shorewall_logging.xml | 4 ++-- docs/shorewall_setup_guide.xml | 15 ++++++++++----- docs/starting_and_stopping_shorewall.xml | 4 ++-- docs/upgrade_issues.xml | 4 ++-- 18 files changed, 47 insertions(+), 42 deletions(-) diff --git a/docs/CompiledPrograms.xml b/docs/CompiledPrograms.xml index 292e9f36b..a667ba932 100644 --- a/docs/CompiledPrograms.xml +++ b/docs/CompiledPrograms.xml @@ -77,7 +77,7 @@ compile time as well as at run time. Running the script at compile time allows variable - expansion (expanding $variable to it's defined value) of + expansion (expanding $variable to its defined value) of variables used in Shorewall configuration files to occur at compile time. Running it at run-time allows your extension scripts to use the variables that it creates. BUT -- for any @@ -638,7 +638,7 @@ clean: compile time as well as at run time. Running the script at compile time allows variable - expansion (expanding $variable to it's defined value) of + expansion (expanding $variable to its defined value) of variables used in Shorewall configuration files to occur at compile time. Running it at run-time allows your extension scripts to use the variables that it creates. BUT -- for any @@ -864,4 +864,4 @@ MANGLE_FORWARD # Mangle table has FORWARD chain - \ No newline at end of file + diff --git a/docs/Documentation.xml b/docs/Documentation.xml index e4743d449..380e208d0 100644 --- a/docs/Documentation.xml +++ b/docs/Documentation.xml @@ -4248,11 +4248,11 @@ all all tcp ftp-data - 8Must be DNAT or SNAT. If DNAT, traffic entering INTERFACE and addressed to NET1 has - it's destination address rewritten to the corresponding address in + its destination address rewritten to the corresponding address in NET2. If SNAT, traffic leaving INTERFACE with a source address in - NET1 has it's source address rewritten to the corresponding address + NET1 has its source address rewritten to the corresponding address in NET2. @@ -4412,4 +4412,4 @@ eth1 - This file is described in the Traffic Accounting Documentation. - \ No newline at end of file + diff --git a/docs/IPSEC-2.6.xml b/docs/IPSEC-2.6.xml index 7a5ce6fdf..723d4e79f 100644 --- a/docs/IPSEC-2.6.xml +++ b/docs/IPSEC-2.6.xml @@ -338,7 +338,7 @@ net ipv4 You must define the vpn zone using the /etc/shorewall/hosts file. The hosts file entries below assume that you want the remote gateway to be part of the vpn zone — - If you don't wish the remote gateway included, simply omit it's IP address + If you don't wish the remote gateway included, simply omit its IP address from the HOSTS column.
@@ -857,4 +857,4 @@ all all REJECT info ipsec-tools source tree. It has a wide variety of sample racoon configuration files. - \ No newline at end of file + diff --git a/docs/Introduction.xml b/docs/Introduction.xml index a34a24275..892f959aa 100644 --- a/docs/Introduction.xml +++ b/docs/Introduction.xml @@ -79,7 +79,7 @@ state tracking capabilities. Shorewall is not a daemon. Once Shorewall has configured - Netfilter, it's job is complete and there is no Shorewall + Netfilter, its job is complete and there is no Shorewall process left running in your system. The /sbin/shorewall program can be used at any time to monitor the Netfilter firewall. @@ -323,4 +323,4 @@ ACCEPT net $FW tcp 22 along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA - \ No newline at end of file + diff --git a/docs/MAC_Validation.xml b/docs/MAC_Validation.xml index 203ed2ba0..b54247a6f 100644 --- a/docs/MAC_Validation.xml +++ b/docs/MAC_Validation.xml @@ -240,7 +240,7 @@ $WIFI_IF 00:1f:79:cd:fe:2e 192.168.3.6 #Work Laptop While marketed as a wireless bridge, the WET11 behaves like a wireless router with DHCP relay. When forwarding DHCP traffic, it uses the MAC address of the host (TIPPER) but for other forwarded - traffic it uses it's own MAC address. Consequently, I list the IP + traffic it uses its own MAC address. Consequently, I list the IP addresses of both devices in /etc/shorewall/maclist. @@ -264,4 +264,4 @@ $WIFI_IF 00:1f:79:cd:fe:2e 192.168.3.6 #Work Laptop of the host sending the traffic. - \ No newline at end of file + diff --git a/docs/Macros.xml b/docs/Macros.xml index c0e815d3c..616822742 100644 --- a/docs/Macros.xml +++ b/docs/Macros.xml @@ -588,7 +588,7 @@ bar:debug - Macros are expanded in-line while each action is it's own chain. + Macros are expanded in-line while each action is its own chain. So if there are a lot of rules involved in your new action/macro then it is generally better to use an action than a macro. Only the packets selected when you invoke the action are directed to the corresponding @@ -597,4 +597,4 @@ bar:debug - \ No newline at end of file + diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index d7a5b14b8..5f1b509c3 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -259,7 +259,7 @@ The Shorewall implementation of Multi-ISP support assumes - that each provider has it's own interface. + that each provider has its own interface. @@ -928,4 +928,4 @@ gateway:~ #Note that because we used a priority of 1000, the - \ No newline at end of file + diff --git a/docs/Multiple_Zones.xml b/docs/Multiple_Zones.xml index 8b24a9ead..b24ca76bd 100644 --- a/docs/Multiple_Zones.xml +++ b/docs/Multiple_Zones.xml @@ -173,7 +173,7 @@
I Need Separate Zones - If you need to make 192.168.2.0/24 into it's own zone, you can do + If you need to make 192.168.2.0/24 into its own zone, you can do it one of two ways; Nested Zones or Parallel Zones. Again, it is likely that you will need to be running Shorewall 2.0.16 or later and that you will have to set DROPINVALID=No in @@ -356,4 +356,4 @@ eth0:!192.168.1.0/24 192.168.1.0/24 url="MAC_Validation.html">/etc/shorewall/maclist file when everything else is working.
- \ No newline at end of file + diff --git a/docs/Shorewall_and_Aliased_Interfaces.xml b/docs/Shorewall_and_Aliased_Interfaces.xml index 093e7195a..a61fb2e24 100644 --- a/docs/Shorewall_and_Aliased_Interfaces.xml +++ b/docs/Shorewall_and_Aliased_Interfaces.xml @@ -94,7 +94,7 @@ Device "eth0:0" does not exist. The iptables program doesn't support virtual interfaces in either - it's -i or -o command options; as a + its -i or -o command options; as a consequence, Shorewall does not allow them to be used in the /etc/shorewall/interfaces file or anywhere else except as described in the discussion below. @@ -334,4 +334,4 @@ loc2 eth1:192.168.20.0/24 - \ No newline at end of file + diff --git a/docs/XenMyWay-Routed.xml b/docs/XenMyWay-Routed.xml index 206ed4c67..f2582a8ce 100644 --- a/docs/XenMyWay-Routed.xml +++ b/docs/XenMyWay-Routed.xml @@ -533,7 +533,7 @@ vpn tun+ - /etc/shorewall/masq (Note the cute trick here and in the following proxyarp file that allows me to - access the DSL "Modem" using it's default IP address + access the DSL "Modem" using its default IP address (192.168.1.1)). The leading "+" is required to place the rule before the SNAT rules generated by entries in /etc/shorewall/nat above. @@ -1010,4 +1010,4 @@ esac
- \ No newline at end of file + diff --git a/docs/XenMyWay.xml b/docs/XenMyWay.xml index d9583e67c..86d3ac823 100644 --- a/docs/XenMyWay.xml +++ b/docs/XenMyWay.xml @@ -562,7 +562,7 @@ vpn tun+ - /etc/shorewall/masq (Note the cute trick here and in the following proxyarp file that allows me to - access the DSL "Modem" using it's default IP address + access the DSL "Modem" using its default IP address (192.168.1.1)). The leading "+" is required to place the rule before the SNAT rules generated by entries in /etc/shorewall/nat above. @@ -958,4 +958,4 @@ esac - \ No newline at end of file + diff --git a/docs/dhcp.xml b/docs/dhcp.xml index 5ab312e2d..95ee91b43 100644 --- a/docs/dhcp.xml +++ b/docs/dhcp.xml @@ -115,7 +115,7 @@ It is a good idea to accept 'ping' - on any interface that gets it's IP address via DHCP. That way, if the + on any interface that gets its IP address via DHCP. That way, if the DHCP server is configured with 'ping-check' true, you won't be blocking its 'ping' requests. @@ -155,4 +155,4 @@ - \ No newline at end of file + diff --git a/docs/netmap.xml b/docs/netmap.xml index 1a6ce9566..a4b39c56a 100644 --- a/docs/netmap.xml +++ b/docs/netmap.xml @@ -100,11 +100,11 @@ Must be DNAT or SNAT. If DNAT, traffic entering INTERFACE and addressed to NET1 has - it's destination address rewritten to the corresponding address in + its destination address rewritten to the corresponding address in NET2. If SNAT, traffic leaving INTERFACE with a source address in - NET1 has it's source address rewritten to the corresponding address + NET1 has its source address rewritten to the corresponding address in NET2. @@ -312,4 +312,4 @@ SNAT 192.168.1.0/24 vpn 10.10.10.0/24 #RULE 2B. If you try it and get it working, please contribute an update to this article. - \ No newline at end of file + diff --git a/docs/shorewall_extension_scripts.xml b/docs/shorewall_extension_scripts.xml index 3565cc8db..3145077ba 100644 --- a/docs/shorewall_extension_scripts.xml +++ b/docs/shorewall_extension_scripts.xml @@ -237,7 +237,7 @@ ensure_and_save_command() -- runs the passed command. If the command fails, the firewall is - restored to it's prior saved state and the operation is terminated. + restored to its prior saved state and the operation is terminated. If the command succeeds, the command is written to the restore file @@ -333,4 +333,4 @@ - \ No newline at end of file + diff --git a/docs/shorewall_logging.xml b/docs/shorewall_logging.xml index b80650b85..c64711151 100644 --- a/docs/shorewall_logging.xml +++ b/docs/shorewall_logging.xml @@ -172,7 +172,7 @@ - If you give, for example, kern.info it's own log destination + If you give, for example, kern.info its own log destination then that destination will also receive all kernel messages of levels 5 (notice) through 0 (emerg). @@ -250,4 +250,4 @@ gateway:/etc/shorewall# For Shorewall-specific information, see FAQ #17. - \ No newline at end of file + diff --git a/docs/shorewall_setup_guide.xml b/docs/shorewall_setup_guide.xml index 9314b0564..f1a00144c 100644 --- a/docs/shorewall_setup_guide.xml +++ b/docs/shorewall_setup_guide.xml @@ -126,7 +126,12 @@ instructions. Shorewall views the network where it is running as being composed of - a set of zones. In this guide, we will use the following zones: + a set of zones. A zone is one or more hosts, which can be defined + as individual hosts or networks in + /etc/shorewall/hosts, or as + an entire interface in /etc/shorewall/interfaces. In this + guide, we will use the following zones: @@ -1075,7 +1080,7 @@ Destination Gateway Genmask Flgs MSS Win irtt Iface When sending packets over Ethernet, IP addresses aren't used. Rather Ethernet addressing is based on Media Access - Control (MAC) addresses. Each Ethernet device has it's own + Control (MAC) addresses. Each Ethernet device has its own unique MAC address which is burned into a PROM on the device during manufacture. You can obtain the MAC of an Ethernet device using the ip utility: @@ -1792,7 +1797,7 @@ ACCEPT net $FW tcp ssh #SSH to the The above discussion reflects my personal preference for using Proxy ARP for my servers in my DMZ and SNAT/NAT for my local systems. I prefer to use NAT only in cases where a system that is part of an RFC - 1918 subnet needs to have it's own public IP. + 1918 subnet needs to have its own public IP. @@ -1907,7 +1912,7 @@ ACCEPT net $FW tcp ssh #SSH to the systems named www.foobar.net and mail.foobar.net and you want the three local systems named "winken.foobar.net, blinken.foobar.net and nod.foobar.net. You want your firewall to be known as firewall.foobar.net - externally and it's interface to the local network to be know as + externally and its interface to the local network to be know as gateway.foobar.net and its interface to the dmz as dmz.foobar.net. Let's have the DNS server on 192.0.2.177 which will also be known by the name ns1.foobar.net. @@ -2424,4 +2429,4 @@ foobar.net. 86400 IN A 192.0.2.177 try command. - \ No newline at end of file + diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml index 9db7c0e39..240075856 100644 --- a/docs/starting_and_stopping_shorewall.xml +++ b/docs/starting_and_stopping_shorewall.xml @@ -476,7 +476,7 @@ gateway:~ # If the restart fails, your configuration will be - restored to it's state at the last shorewall + restored to its state at the last shorewall save. When the new configuration works then just: @@ -1565,4 +1565,4 @@ gateway:~ # on the command. - \ No newline at end of file + diff --git a/docs/upgrade_issues.xml b/docs/upgrade_issues.xml index c4239d382..b2e27a115 100644 --- a/docs/upgrade_issues.xml +++ b/docs/upgrade_issues.xml @@ -831,7 +831,7 @@ DNAT loc loc:192.168.1.12 tcp 80 - 130.252.100.69

ensure_and_save_command() -- runs the passed command. If the - command fails, the firewall is restored to it's prior saved state + command fails, the firewall is restored to its prior saved state and the operation is terminated. If the command succeeds, the command is written to the restore file @@ -1327,4 +1327,4 @@ z2 z1 NONE - \ No newline at end of file +