Spell check pass through first half of docs.

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8667 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/6to4.xml

@@ -26,7 +26,7 @@
     <copyright>
       <year>2003-2004</year>
 
-      <holder>Eric de Thoars and Tom Eastep</holder>
+      <holder>Eric de Thouars and Tom Eastep</holder>
     </copyright>
 
     <legalnotice>

docs/Accounting.xml

@@ -202,7 +202,7 @@
     on outbound ones.</para>
 
     <para>Accounting rules are not stateful -- each rule only handles traffic
-    in one direction. For example, if eth0 is your internet interface, and you
+    in one direction. For example, if eth0 is your Internet interface, and you
     have a web server in your DMZ connected to eth1, then to count HTTP
     traffic in both directions requires two rules:</para>
 

docs/Actions.xml

@@ -144,9 +144,9 @@ ACCEPT   -              -               tcp     135,139,445
         <para>Ensure correct operation. Default actions can also avoid common
         pitfalls like dropping connection requests on port TCP port 113. If
         these connections are dropped (rather than rejected) then you may
-        encounter problems connecting to internet services that utilize the
+        encounter problems connecting to Internet services that utilize the
         AUTH protocol of client authentication<footnote>
-            <para>AUTH is actually pretty silly on today's internet but it's
+            <para>AUTH is actually pretty silly on today's Internet but it's
             amazing how many servers still employ it.</para>
           </footnote></para>
       </listitem>

docs/Anatomy.xml

@@ -81,7 +81,7 @@
     class="directory">/usr/share/shorewall</filename>, <filename
     class="directory">/etc/shorewall</filename>,
     <filename>/etc/init.d</filename> and <filename
-    class="directory">/var/lilb/shorewall/</filename>. These are described in
+    class="directory">/var/lib/shorewall/</filename>. These are described in
     the sub-sections that follow.</para>
 
     <section id="sbin">
@@ -363,7 +363,7 @@
     class="directory">/usr/share/shorewall-lite</filename>, /etc/<filename
     class="directory">shorewall-lite</filename>,
     <filename>/etc/init.d</filename> and <filename
-    class="directory">/var/lilb/shorewall/</filename>. These are described in
+    class="directory">/var/lib/shorewall/</filename>. These are described in
     the sub-sections that follow.</para>
 
     <section id="sbin-lite">

docs/CompiledPrograms.xml

@@ -226,7 +226,7 @@
         <note>
           <para>The firewall systems do <emphasis role="bold">NOT</emphasis>
           need to have the full Shorewall product installed but rather only
-          the Shorewall Lite product. Shorewall and Shorewall LIte may be
+          the Shorewall Lite product. Shorewall and Shorewall Lite may be
           installed on the same system but that isn't encouraged.</para>
         </note>
       </listitem>

docs/ECN.xml

@@ -50,7 +50,7 @@
     <title>Explicit Congestion Notification (ECN)</title>
 
     <para>Explicit Congestion Notification (ECN) is described in RFC 3168 and
-    is a proposed internet standard. Unfortunately, not all sites support ECN
+    is a proposed Internet standard. Unfortunately, not all sites support ECN
     and when a TCP connection offering ECN is sent to sites that don't support
     it, the result is often that the connection request is ignored.</para>
 

docs/FAQ.xml

@@ -135,7 +135,7 @@
 
     <section id="faq76">
       <title>(FAQ 76) I just upgraded my Debian system and now masquerading
-      doesn work? What happened?</title>
+      doesn't work? What happened?</title>
 
       <para><emphasis role="bold">Answer:</emphasis> This happens to people
       who ignore <ulink url="Install.htm#Upgrade_Deb">our advice</ulink> and
@@ -149,7 +149,7 @@
 
       <section id="faq76a">
         <title>(FAQ 76a) I just upgraded my Ubuntu system and now masquerading
-        doesn work? What happened?</title>
+        doesn't work? What happened?</title>
 
         <para><emphasis role="bold">Answer:</emphasis> See <link
         linkend="faq76">above</link>.</para>
@@ -157,7 +157,7 @@
 
       <section id="faq76b">
         <title>(FAQ 76b) I just upgraded my Kubuntu system and now
-        masquerading doesn work? What happened?</title>
+        masquerading doesn't work? What happened?</title>
 
         <para><emphasis role="bold">Answer:</emphasis> See <link
         linkend="faq76">above</link>.</para>
@@ -193,7 +193,7 @@ DNAT       net      loc:192.168.1.5  udp      7777</programlisting>
 #                                                                               PORT    DEST.
 DNAT    net    loc:<emphasis>local-IP-address</emphasis>&gt;[:<emphasis>local-port</emphasis>]     <emphasis>protocol</emphasis>    <emphasis>port-number</emphasis>   -       <emphasis>external-IP</emphasis></programlisting>
 
-      <para>If you want to forward requests from a particular internet address
+      <para>If you want to forward requests from a particular Internet address
       ( <emphasis>address</emphasis> ):</para>
 
       <programlisting>#ACTION SOURCE        DEST                                   PROTO       DEST PORT     SOURCE  ORIGINAL
@@ -253,7 +253,7 @@ DNAT    net:<emphasis>address</emphasis>   loc:<emphasis>local-IP-address</empha
           <listitem>
             <para>As root, type <quote> <command>shorewall reset</command>
             </quote> ("<command>shorewall-lite reset</command>", if you are
-            running Shorewall Lite). This clears all NetFilter
+            running Shorewall Lite). This clears all Netfilter
             counters.</para>
           </listitem>
 
@@ -315,7 +315,7 @@ DNAT    net:<emphasis>address</emphasis>   loc:<emphasis>local-IP-address</empha
             the connection is being dropped or rejected. If it is, then you
             may have a zone definition problem such that the server is in a
             different zone than what is specified in the DEST column. At a
-            root promt, type "<command>shorewall show zones</command>"
+            root prompt, type "<command>shorewall show zones</command>"
             ("<command>shorewall-lite show zones</command>") then be sure that
             in the DEST column you have specified the <emphasis
             role="bold">first</emphasis> zone in the list that matches
@@ -335,7 +335,7 @@ DNAT    net:<emphasis>address</emphasis>   loc:<emphasis>local-IP-address</empha
       </section>
 
       <section id="faq1c">
-        <title>(FAQ 1c) From the internet, I want to connect to port 1022 on
+        <title>(FAQ 1c) From the Internet, I want to connect to port 1022 on
         my firewall and have the firewall forward the connection to port 22 on
         local system 192.168.1.3. How do I do that?</title>
 
@@ -462,7 +462,7 @@ eth1:192.168.1.4        0.0.0.0/0          192.168.1.1        tcp           21</
 
       <section id="faq1g">
         <title>(FAQ 1g) I would like to redirect port 80 on my public IP
-        address (206.124.146.176) to port 993 on internet host
+        address (206.124.146.176) to port 993 on Internet host
         66.249.93.111</title>
 
         <para><emphasis role="bold">Answer</emphasis>: This requires a vile
@@ -497,8 +497,8 @@ eth0:66.249.93.111  0.0.0.0/0   206.124.146.176  tcp          993</programlistin
       Guide</ulink> appropriate for your setup; the guides cover this topic in
       a tutorial fashion. DNAT rules should be used for connections that need
       to go the opposite direction from SNAT/MASQUERADE. So if you masquerade
-      or use SNAT from your local network to the internet then you will need
+      or use SNAT from your local network to the Internet then you will need
-      to use DNAT rules to allow connections from the internet to your local
+      to use DNAT rules to allow connections from the Internet to your local
       network. You also want to use DNAT rules when you intentionally want to
       rewrite the destination IP address or port number. In all other cases,
       you use ACCEPT unless you need to hijack connections as they go through
@@ -537,7 +537,7 @@ eth0:66.249.93.111  0.0.0.0/0   206.124.146.176  tcp          993</programlistin
 
       <itemizedlist>
         <listitem>
-          <para>Having an internet-accessible server in your local network is
+          <para>Having an Internet-accessible server in your local network is
           like raising foxes in the corner of your hen house. If the server is
           compromised, there's nothing between that server and your other
           internal systems. For the cost of another NIC and a cross-over
@@ -559,7 +559,7 @@ eth0:66.249.93.111  0.0.0.0/0   206.124.146.176  tcp          993</programlistin
       </itemizedlist>
 
       <para>So the best and most secure way to solve this problem is to move
-      your internet-accessible server(s) to a separate LAN segment with it's
+      your Internet-accessible server(s) to a separate LAN segment with it's
       own interface to your firewall and follow <link linkend="faq2b">FAQ
       2b</link>. That way, your local systems are still safe if your server
       gets hacked and you don't have to run a split DNS configuration
@@ -643,7 +643,7 @@ DNAT       loc           loc:192.168.1.5    tcp      www         -         <emph
           <para>If the ALL INTERFACES column in /etc/shorewall/nat is empty or
           contains <quote>Yes</quote>, you will also see log messages like the
           following when trying to access a host in Z from another host in Z
-          using the destination hosts's public address:</para>
+          using the destination host's public address:</para>
 
           <programlisting>Oct 4 10:26:40 netgw kernel:
           Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=192.168.118.200
@@ -685,7 +685,7 @@ DNAT       loc           loc:192.168.1.5    tcp      www         -         <emph
           <programlisting>#ZONE    INTERFACE    BROADCAST       OPTIONS
 dmz      eth2         192.168.2.255   <emphasis role="bold">routeback</emphasis> </programlisting>
 
-          <para>In <filename>/etc/shorewall/na</filename>t, be sure that you
+          <para>In <filename>/etc/shorewall/nat</filename>, be sure that you
           have <quote>Yes</quote> in the ALL INTERFACES column.</para>
 
           <para>In /etc/shorewall/masq:</para>
@@ -802,7 +802,7 @@ DNAT       loc           dmz:192.168.2.4    tcp      80          -         <emph
       <blockquote>
         <para><programlisting>&gt; I know PoM -ng is going to address this issue, but till it is ready, and
 &gt; all the extras are ported to it, is there any way to use the h.323
-&gt; contrack module kernel patch with a 2.6 kernel?
+&gt; conntrack module kernel patch with a 2.6 kernel?
 &gt; Running 2.6.1 - no 2.4 kernel stuff on the system, so downgrade is not
 &gt; an option... The module is not ported yet to 2.6, sorry.
 &gt; Do I have any options besides a gatekeeper app (does not work in my
@@ -831,7 +831,7 @@ to debug/develop the newnat interface.</programlisting></para>
       url="shorewall_quickstart_guide.htm">Quick Start Guides</ulink> should
       have to ask this question.</para>
 
-      <para>Regardless of which guide you used, all outbound communcation is
+      <para>Regardless of which guide you used, all outbound communication is
       open by default. So you do not need to 'open ports' for output.</para>
 
       <para>For input:</para>
@@ -877,7 +877,7 @@ to debug/develop the newnat interface.</programlisting></para>
       <para><emphasis role="bold">Answer:</emphasis> The default Shorewall
       setup invokes the <emphasis role="bold">Drop</emphasis> action prior to
       enforcing a DROP policy and the default policy to all zones from the
-      internet is DROP. The Drop action is defined in
+      Internet is DROP. The Drop action is defined in
       <filename>/usr/share/shorewall/action.Drop</filename> which in turn
       invokes the <emphasis role="bold">Auth</emphasis> macro (defined in
       <filename>/usr/share/shorewall/macro.Auth</filename>) specifying the
@@ -916,7 +916,7 @@ to debug/develop the newnat interface.</programlisting></para>
         establishment of new connections. Once a connection is established
         through the firewall it will be usable until disconnected (tcp) or
         until it times out (other protocols). If you stop telnet and try to
-        establish a new session your firerwall will block that attempt.</para>
+        establish a new session your firewall will block that attempt.</para>
       </section>
 
       <section id="faq4c">
@@ -973,7 +973,7 @@ to debug/develop the newnat interface.</programlisting></para>
           <para>The DNS settings on the local systems are wrong or the user is
           running a DNS server on the firewall and hasn't enabled UDP and TCP
           port 53 from the local net to the firewall or from the firewall to
-          the internet.</para>
+          the Internet.</para>
         </listitem>
 
         <listitem>
@@ -1042,7 +1042,7 @@ to debug/develop the newnat interface.</programlisting></para>
       may no longer be defined in terms of bridge ports. See <ulink
       url="bridge-Shorewall-perl.html">the new Shorewall-shell bridging
       documentation</ulink> for information about configuring a
-      bridge/firewall under kernel 2.6.20 and later with Shoreawall shell or
+      bridge/firewall under kernel 2.6.20 and later with Shorewall shell or
       the<ulink url="bridge-Shorewall-perl.html"> Shorewall-perl bridging
       documentation</ulink> if you use Shorewall-perl
       (highly-recommended).<note>
@@ -1167,7 +1167,7 @@ DROP      net       fw      udp      10619</programlisting>
           </listitem>
 
           <listitem>
-            <para>the ethernet frame type (2 bytes)</para>
+            <para>the Ethernet frame type (2 bytes)</para>
           </listitem>
         </itemizedlist>
 
@@ -1216,7 +1216,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
       <emphasis role="bold">less than</emphasis> this number are sent to the
       console. On the system shown in the example above, priorities 0-5 are
       sent to the console. Since Shorewall defaults to using 'info' (6), the
-      Shorewall-generated Netfilter ruleset will generate log messages that
+      Shorewall-generated Netfilter rule set will generate log messages that
       <emphasis role="bold">will not appear on the console.</emphasis></para>
 
       <para>The second number is the default log level for kernel printk()
@@ -1252,7 +1252,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
         messages or the content of the messages.</para>
 
         <para>The actual log file where Netfilter messages are written is not
-        standardized and will vary by distribution and distribusion version.
+        standardized and will vary by distribution and distribution version.
         But anytime you see no logging, it's time to look outside the
         Shorewall configuration for the cause. As an example, recent
         <trademark>SuSE</trademark> releases use syslog-ng by default and
@@ -1376,7 +1376,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
         </varlistentry>
 
         <varlistentry>
-          <term>blacklst</term>
+          <term>blacklist</term>
 
           <listitem>
             <para>The packet is being logged because the source IP is
@@ -1634,7 +1634,7 @@ modprobe: Can't locate module iptable_raw</programlisting>
     <title>Routing</title>
 
     <section id="faq32">
-      <title>(FAQ 32) My firewall has two connections to the internet from two
+      <title>(FAQ 32) My firewall has two connections to the Internet from two
       different ISPs. How do I set this up in Shorewall?</title>
 
       <para><emphasis role="bold">Answer</emphasis>: See <ulink
@@ -1933,7 +1933,7 @@ iptables: Invalid argument
       of the control of the packaging system and provides consistent behavior
       between the init scripts and <filename>/sbin/shorewall</filename> (and
       <filename>/sbin/shorewall-lite</filename>). For more information on the
-      tradeoffs involved when deciding whether to use the Debian package, see
+      factors involved when deciding whether to use the Debian package, see
       <ulink url="http://wiki.shorewall.net/wiki/ShorewallOnDebian">this
       article</ulink>.</para>
     </section>
@@ -2004,7 +2004,7 @@ iptables: Invalid argument
     <title>Traffic Shaping</title>
 
     <section id="faq67">
-      <title>(FAQ 67) I just configured Shorewall's builtin traffic shaping
+      <title>(FAQ 67) I just configured Shorewall's built in traffic shaping
       and now Shorewall fails to Start.</title>
 
       <para>The error I receive is as follows:<programlisting>RTNETLINK answers: No such file or directory
@@ -2086,7 +2086,7 @@ We have an error talking to the kernel
 
       <section id="faq25a">
         <title>(FAQ 25a) How do I tell which version of Shorewall-perl and
-        Shorewall-shell that I have intalled?</title>
+        Shorewall-shell that I have installed?</title>
 
         <para><emphasis role="bold">Answer</emphasis>: At the shell prompt,
         type:</para>
@@ -2174,7 +2174,7 @@ We have an error talking to the kernel
     <section id="faq14">
       <title>(FAQ 14) I'm connected via a cable modem and it has an internal
       web server that allows me to configure/monitor it but as expected if I
-      enable rfc1918 blocking for my eth0 interface (the internet one), it
+      enable rfc1918 blocking for my eth0 interface (the Internet one), it
       also blocks the cable modems web server.</title>
 
       <para>Is there any way it can add a rule before the rfc1918 blocking
@@ -2217,7 +2217,7 @@ We have an error talking to the kernel
       </section>
 
       <section id="faq14b">
-        <title>(FAQ 14b) I connect to the internet with PPPoE. When I try to
+        <title>(FAQ 14b) I connect to the Internet with PPPoE. When I try to
         access the built-in web server in my DSL Modem, I get connection
         Refused.</title>
 
@@ -2285,7 +2285,7 @@ eth0               eth1                        # eth1 = interface to local netwo
 
     <section id="faq18">
       <title>(FAQ 18) Is there any way to use aliased ip addresses with
-      Shorewall, and maintain separate rulesets for different IPs?</title>
+      Shorewall, and maintain separate rule sets for different IPs?</title>
 
       <para><emphasis role="bold">Answer:</emphasis> Yes. See <ulink
       url="Shorewall_and_Aliased_Interfaces.html">Shorewall and Aliased
@@ -2369,7 +2369,7 @@ eth0               eth1                        # eth1 = interface to local netwo
           <command>iptables-restore</command> to instantiate the Netfilter
           configuration. So it runs much faster than the script generated by
           the Shorewall-shell compiler and doesn't disable new connections
-          during ruleset installation.</para>
+          during rule set installation.</para>
         </listitem>
 
         <listitem>
@@ -2432,7 +2432,7 @@ rmmod nf_conntrack_sip</programlisting>Then change the DONT_LOAD specification
 
     <section id="faq20">
       <title>(FAQ 20) I have just set up a server. Do I have to change
-      Shorewall to allow access to my server from the internet?</title>
+      Shorewall to allow access to my server from the Internet?</title>
 
       <para><emphasis role="bold">Answer</emphasis>: Yes. Consult the <ulink
       url="shorewall_quickstart_guide.htm">QuickStart guide</ulink> that you
@@ -2441,8 +2441,8 @@ rmmod nf_conntrack_sip</programlisting>Then change the DONT_LOAD specification
     </section>
 
     <section id="faq24">
-      <title>(FAQ 24) How can I allow conections to let's say the ssh port
+      <title>(FAQ 24) How can I allow connections to let's say the ssh port
-      only from specific IP Addresses on the internet?</title>
+      only from specific IP Addresses on the Internet?</title>
 
       <para><emphasis role="bold">Answer</emphasis>: In the SOURCE column of
       the rule, follow <quote>net</quote> by a colon and a list of the
@@ -2540,14 +2540,14 @@ REJECT    fw            net:pagead2.googlesyndication.com    all</programlisting
       headers at the front of each packet. Stateful packet filters (of which
       Netfilter is an example) use a combination of header contents and state
       created when the packet filter processed earlier packets. Netfilter (and
-      Shorewall's use of netfilter) also consider the network interface(s)
+      Shorewall's use of Netfilter) also consider the network interface(s)
       where each packet entered and/or where the packet will leave the
       firewall/router.</para>
 
       <para>When you specify <ulink
       url="configuration_file_basics.htm#dnsnames">a domain name in a
       Shorewall rule</ulink>, the iptables program resolves that name to one
-      or more IP addresses and the actual netfilter rules that are created are
+      or more IP addresses and the actual Netfilter rules that are created are
       expressed in terms of those IP addresses. So the rule that you entered
       was equivalent to:</para>
 

docs/FTP.xml

@@ -319,7 +319,7 @@ xt_tcpudp               3328  0
 
     <example id="Example2">
       <title>if you run an FTP server that listens on port 49 or you need to
-      access a server on the internet that listens on that port then you would
+      access a server on the Internet that listens on that port then you would
       have:</title>
 
       <programlisting>loadmodule nf_conntrack_ftp ports=21,49
@@ -414,7 +414,7 @@ FTP/ACCEPT   dmz        net</programlisting>
 
     <para>Note that the FTP connection tracking in the kernel cannot handle
     cases where a PORT command (or PASV reply) is broken across two packets or
-    is misssing the ending &lt;cr&gt;/&lt;lf&gt;. When such cases occur, you
+    is missing the ending &lt;cr&gt;/&lt;lf&gt;. When such cases occur, you
     will see a console message similar to this one:</para>
 
     <programlisting>Apr 28 23:55:09 gateway kernel: conntrack_ftp: partial PORT 715014972+1</programlisting>

docs/GenericTunnels.xml

@@ -54,7 +54,7 @@
 
     <para>We want systems in the 192.168.1.0/24 subnetwork to be able to
     communicate with the systems in the 10.0.0.0/8 network. This is
-    accomplished through use of the /etc/shorwall/tunnels file, the
+    accomplished through use of the /etc/shorewall/tunnels file, the
     /etc/shorewall/policy file and the /etc/shorewall/tunnel script that is
     included with Shorewall.</para>
 

docs/IPIP.xml

@@ -43,7 +43,7 @@
   </articleinfo>
 
   <warning>
-    <para>GRE and IPIP Tunnels are insecure when used over the internet; use
+    <para>GRE and IPIP Tunnels are insecure when used over the Internet; use
     them at your own risk</para>
   </warning>
 

docs/IPP2P.xml

@@ -48,9 +48,9 @@
   <section id="Intro">
     <title>Introduction</title>
 
-    <para>Shorewall verions 2.2.0 and later include support for the ipp2p
+    <para>Shorewall versions 2.2.0 and later include support for the ipp2p
     match facility. This is a departure from my usual policy in that the ipp2p
-    match facility is included in Patch-O-Matic-NG and is unlikely to ever be
+    match facility is included in Patch-O-Matic-ENG and is unlikely to ever be
     included in the kernel.org source tree. Questions about how to install the
     patch or how to build your kernel and/or iptables should not be posted on
     the Shorewall mailing lists but should rather be referred to the Netfilter

docs/IPSEC-2.6.xml

@@ -76,7 +76,7 @@
     broken when used with a bridge device. The problem has been reported to
     the responsible Netfilter developer who has confirmed the problem. The
     problem was presumably corrected in Kernel 2.6.20 as a result of the
-    removal of defered FORWARD/OUTPUT processing of traffic destined for a
+    removal of deferred FORWARD/OUTPUT processing of traffic destined for a
     bridge. See the <ulink
     url="bridge-Shorewall-perl.html">"<emphasis>Shorewall-perl and Bridged
     Firewalls</emphasis>"</ulink> article.</para>
@@ -134,7 +134,7 @@
     by normal rules and policies.</para>
 
     <para>Under the 2.4 Linux Kernel, the association of unencrypted traffic
-    and zones was made easy by the presense of IPSEC pseudo-interfaces with
+    and zones was made easy by the presence of IPSEC pseudo-interfaces with
     names of the form <filename class="devicefile">ipsecn</filename> (e.g.
     <filename class="devicefile">ipsec0</filename>). Outgoing unencrypted
     traffic (case 1.) was send through an <filename
@@ -201,11 +201,11 @@
 
     <note>
       <para>For simple zones such as are shown in the following examples, the
-      two techniques are equivalent and are used interchangably.</para>
+      two techniques are equivalent and are used interchangeably.</para>
     </note>
 
     <note>
-      <para>It is redundent to have <emphasis role="bold">ipsec</emphasis> in
+      <para>It is redundant to have <emphasis role="bold">ipsec</emphasis> in
       the TYPE column of the <filename>/etc/shorewall/zones</filename> entry
       for a zone and to also have the <emphasis role="bold">ipsec</emphasis>
       option in <filename>/etc/shorewall/hosts</filename> entries for that
@@ -234,13 +234,13 @@
   <section id="GwFw">
     <title>IPSec Gateway on the Firewall System</title>
 
-    <para>Suppose that we have the following sutuation:</para>
+    <para>Suppose that we have the following situation:</para>
 
     <graphic fileref="images/TwoNets1.png" />
 
     <para>We want systems in the 192.168.1.0/24 sub-network to be able to
     communicate with systems in the 10.0.0.0/8 network. We assume that on both
-    systems A and B, eth0 is the internet interface.</para>
+    systems A and B, eth0 is the Internet interface.</para>
 
     <para>To make this work, we need to do two things:</para>
 
@@ -301,7 +301,7 @@ net            ipv4
     </blockquote>
 
     <para>Remember the assumption that both systems A and B have eth0 as their
-    internet interface.</para>
+    Internet interface.</para>
 
     <para>You must define the vpn zone using the
     <filename>/etc/shorewall/hosts</filename> file. The hosts file entries
@@ -448,11 +448,11 @@ sainfo address 192.168.1.0/24 any address 134.28.54.2/32 any
 }</programlisting>
 
       <warning>
-        <para>If you have hosts that access the internet through an IPSEC
+        <para>If you have hosts that access the Internet through an IPSEC
         tunnel, then it is a good idea to set the MSS value for traffic from
         those hosts explicitly in the
         <filename>/etc/shorewall/zones</filename> file. For example, if hosts
-        in the <emphasis role="bold">sec</emphasis> zone access the internet
+        in the <emphasis role="bold">sec</emphasis> zone access the Internet
         through an ESP tunnel then the following entry would be
         appropriate:</para>
 
@@ -605,7 +605,7 @@ spdflush;</programlisting>
 
       <para>On the mobile system (system B), it is not possible to create a
       static IPSEC configuration because the IP address of the laptop's
-      internet connection isn't static. I have created an 'ipsecvpn' script
+      Internet connection isn't static. I have created an 'ipsecvpn' script
       and included in the tarball and in the RPM's documentation directory;
       this script can be used to start and stop the connection.</para>
 
@@ -726,7 +726,7 @@ loc            ipv4
     <para>Since the L2TP will require the use of pppd, you will end up with
     one or more ppp interfaces (each representing an individual road warrior
     connection) for which you will need to account. This can be done by
-    modifying the inerfaces file. (Modify with additional options as
+    modifying the interfaces file. (Modify with additional options as
     needed.)</para>
 
     <blockquote>

docs/IPSEC.xml

@@ -105,13 +105,13 @@ conn packetdefault
   <section id="GwFw">
     <title>IPSec Gateway on the Firewall System</title>
 
-    <para>Suppose that we have the following sutuation:</para>
+    <para>Suppose that we have the following situation:</para>
 
     <graphic fileref="images/TwoNets1.png" />
 
     <para>We want systems in the 192.168.1.0/24 sub-network to be able to
     communicate with systems in the 10.0.0.0/8 network. We assume that on both
-    systems A and B, eth0 is the internet interface.</para>
+    systems A and B, eth0 is the Internet interface.</para>
 
     <para>To make this work, we need to do two things:</para>
 
@@ -177,7 +177,7 @@ vpn           ipsec0</programlisting>
       <filename>/etc/shorewall/zones</filename>.</emphasis></para>
 
       <para>Remember the assumption that both systems A and B have eth0 as
-      their internet interface.</para>
+      their Internet interface.</para>
 
       <para>You must define the vpn zone using the /etc/shorewall/hosts
       file.</para>
@@ -193,7 +193,7 @@ vpn          eth0:10.0.0.0/8</programlisting>
 vpn          eth0:192.168.1.0/24</programlisting>
 
       <para>In addition, <emphasis role="bold">if you are using Masquerading
-      or SNAT</emphasis> on your firewalls, you need to elmiinate the remote
+      or SNAT</emphasis> on your firewalls, you need to eliminate the remote
       network from Masquerade/SNAT. These entries <emphasis
       role="bold">replace</emphasis> your current masquerade/SNAT entries for
       the local networks.</para>
@@ -229,7 +229,7 @@ vpn           loc         ACCEPT</programlisting>
 
     <para>Shorewall can be used in a VPN Hub environment where multiple remote
     networks are connected to a gateway running Shorewall. This environment is
-    shown in this diatram.</para>
+    shown in this diagram.</para>
 
     <graphic fileref="images/ThreeNets.png" />
 
@@ -425,7 +425,7 @@ ipsec       net        0.0.0.0/0       vpn1,vpn2,vpn3</programlisting>
     Shorewall will issue warnings to that effect. These warnings may be safely
     ignored. FreeS/Wan may now be configured to have three different Road
     Warrior connections with the choice of connection being based on X-509
-    certificates or some other means. Each of these connectioins will utilize
+    certificates or some other means. Each of these connections will utilize
     a different updown script that adds the remote station to the appropriate
     zone when the connection comes up and that deletes the remote station when
     the connection comes down. For example, when 134.28.54.2 connects for the

docs/Install.xml

@@ -38,7 +38,7 @@
 
   <caution>
     <para><emphasis role="bold">This article applies to Shorewall 3.0 and
-    later. If you are installing or upgradeing to a version of Shorewall
+    later. If you are installing or upgrading to a version of Shorewall
     earlier than Shorewall 3.0.0 then please see the documentation for that
     release.</emphasis></para>
   </caution>
@@ -490,12 +490,12 @@ tar -jxf shorewall-shell-4.0.0.tar.bz2</command> (if you use this compiler)</pro
     <blockquote>
       <para>It's *VERY* simple...just put in a new CD and reboot!  :-)
       Actually, I'm only slightly kidding...that's exactly how I upgrade my
-      prodution firewalls.  The partial backup feature I added to Dachstein
+      production firewalls.  The partial backup feature I added to Dachstein
-      allows configuration data to be stored seperately from the rest of the
+      allows configuration data to be stored separately from the rest of the
       package.</para>
 
-      <para>Once the config data is seperated from the rest of the package,
+      <para>Once the config data is separated from the rest of the package,
-      it's an easy matter to upgrade the pacakge while keeping your current
+      it's an easy matter to upgrade the package while keeping your current
       configuration (in my case, just inserting a new CD and
       re-booting).</para>
 
@@ -521,7 +521,7 @@ tar -jxf shorewall-shell-4.0.0.tar.bz2</command> (if you use this compiler)</pro
 
         <listitem>
           <para>Make sure you have a working copy of your existing firewall
-          ('OLD') in a safe place, that you *DO NOT* use durring this process.
+          ('OLD') in a safe place, that you *DO NOT* use during this process.
           That way, if anything goes wrong you can simply reboot off the OLD
           disk to get back to a working configuration.</para>
         </listitem>
@@ -593,7 +593,7 @@ tar -xzvf /mnt/package2.lrp
         &lt;package&gt;.list file that resides in /etc or /var/lib/lrpkg is
         part of the configuration data and is used to create the partial
         backup.  If shorewall puts anything in /etc that isn't a user modified
-        configuration file, a proper shorwall.local file should be created
+        configuration file, a proper shorewall.local file should be created
         prior to making the partial backup [<emphasis role="bold">Editor's
         note</emphasis>: Shorewall places only user-modifiable files in
         /etc].</para>

docs/Introduction.xml

@@ -65,8 +65,8 @@
         <listitem>
           <para>iptables-restore - a program included with iptables that
           allows for atomic installation of a set of Netfilter rules. This is
-          a much more efficient way to install a ruleset than running the
+          a much more efficient way to install a rule set than running the
-          iptables utility once for each rule in the ruleset.</para>
+          iptables utility once for each rule in the rule set.</para>
         </listitem>
 
         <listitem>
@@ -269,17 +269,17 @@ loc        net         ACCEPT
 net        all         DROP        info
 all        all         REJECT      info</programlisting>In the three-interface
     sample, the line below is included but commented out. If you want your
-    firewall system to have full access to servers on the internet, uncomment
+    firewall system to have full access to servers on the Internet, uncomment
     that line. <programlisting>#SOURCE    DEST        POLICY      LOG LEVEL    LIMIT:BURST
 $FW        net         ACCEPT</programlisting> The above policy will:
     <itemizedlist>
         <listitem>
           <para>Allow all connection requests from your local network to the
-          internet</para>
+          Internet</para>
         </listitem>
 
         <listitem>
-          <para>Drop (ignore) all connection requests from the internet to
+          <para>Drop (ignore) all connection requests from the Internet to
           your firewall or local networks; these ignored connection requests
           will be logged using the <emphasis>info</emphasis> syslog priority
           (log level).</para>
@@ -287,7 +287,7 @@ $FW        net         ACCEPT</programlisting> The above policy will:
 
         <listitem>
           <para>Optionally accept all connection requests from the firewall to
-          the internet (if you uncomment the additional policy)</para>
+          the Internet (if you uncomment the additional policy)</para>
         </listitem>
 
         <listitem>
@@ -298,8 +298,8 @@ $FW        net         ACCEPT</programlisting> The above policy will:
       </itemizedlist></para>
 
     <para>To illustrate how rules provide exceptions to policies, suppose that
-    you have the polcies listed above but you want to be able to connect to
+    you have the polices listed above but you want to be able to connect to
-    your firewall from the internet using Secure Shell (SSH). Recall that SSH
+    your firewall from the Internet using Secure Shell (SSH). Recall that SSH
     connects uses TCP port 22.</para>
 
     <programlisting>#ACTION    SOURCE        DEST      PROTO      DEST
@@ -307,7 +307,7 @@ $FW        net         ACCEPT</programlisting> The above policy will:
 ACCEPT     net           $FW       tcp        22</programlisting>
 
     <para>So although you have a policy of ignoring all connection attempts
-    from the net zone (from the internet), the above exception to that policy
+    from the net zone (from the Internet), the above exception to that policy
     allows you to connect to the SSH server running on your firewall.</para>
 
     <para>Because Shorewall makes no assumptions about what traffic you want
@@ -317,7 +317,7 @@ ACCEPT     net           $FW       tcp        22</programlisting>
     <itemizedlist>
       <listitem>
         <para>The <ulink url="shorewall_quickstart_guide.htm">QuickStart
-        guildes</ulink> point to pre-populated files for use in common setups
+        guides</ulink> point to pre-populated files for use in common setups
         and the <ulink url="shorewall_setup_guide.htm">Shorewall Setup
         Guide</ulink> shows you examples for use with other more complex
         setups.</para>
@@ -377,7 +377,7 @@ ACCEPT     net           $FW       tcp        22</programlisting>
         highly portable to those Unix-like platforms that support Perl
         (including Cygwin) and is the compiler of choice for new Shorewall
         installations. Scripts created using Shorewall-perl use
-        iptables-restore to install the generated Netfilter ruleset.</para>
+        iptables-restore to install the generated Netfilter rule set.</para>
       </listitem>
 
       <listitem>

docs/KVM.xml

@@ -53,10 +53,10 @@
     <graphic align="center" fileref="images/Network2008.png" />
 
     <para>My personal laptop (Ursa) hosts the virtual machines. As shown in
-    the diagram, Ursa has routes to the internet through both the
+    the diagram, Ursa has routes to the Internet through both the
     <trademark>Linksys</trademark> WRT300N and through my Shorewall firewall.
     This allows me to test the <ulink url="MultiISP.html">Shorewall Multi-ISP
-    feature</ulink>, even though I only have a single internet
+    feature</ulink>, even though I only have a single Internet
     connection</para>
 
     <para>The Linux Bridges shown in the diagram are, of course, actually

docs/MAC_Validation.xml

@@ -41,7 +41,7 @@
 
   <important>
     <para><emphasis role="bold">MAC addresses are only visible within an
-    ethernet segment so all MAC addresses used in verification must belong to
+    Ethernet segment so all MAC addresses used in verification must belong to
     devices physically connected to one of the LANs to which your firewall is
     connected.</emphasis></para>
 
@@ -175,7 +175,7 @@
         <term>INTERFACE</term>
 
         <listitem>
-          <para>The name of an ethernet interface on the Shorewall
+          <para>The name of an Ethernet interface on the Shorewall
           system.</para>
         </listitem>
       </varlistentry>
@@ -184,7 +184,7 @@
         <term>MAC</term>
 
         <listitem>
-          <para>The MAC address of a device on the ethernet segment connected
+          <para>The MAC address of a device on the Ethernet segment connected
           by INTERFACE. It is not necessary to use the Shorewall MAC format in
           this column although you may use that format if you so choose.
           Beginning with Shorewall 3.1, you may specify "-" here if you enter

docs/Manpages.xml

@@ -105,7 +105,7 @@
 
         <member><ulink
         url="manpages/shorewall-providers.html">providers</ulink> - Define
-        routing tables, usually for mutliple internet links.</member>
+        routing tables, usually for multiple Internet links.</member>
 
         <member><ulink url="manpages/shorewall-proxyarp.html">proxyarp</ulink>
         - Define Proxy ARP.</member>

docs/Modularization.xml

@@ -90,7 +90,7 @@
     <para>Optional libraries are loaded upon demand based on the user's
     configuration.</para>
 
-    <para>In Shorewall 3.4, the optional librares are as follows.</para>
+    <para>In Shorewall 3.4, the optional libraries are as follows.</para>
 
     <itemizedlist>
       <listitem>

docs/MultiISP.xml

@@ -75,7 +75,7 @@
     <title>Multiple Internet Connection Support</title>
 
     <para>Beginning with Shorewall 2.3.2, limited support is included for
-    multiple internet connections. Limitations of this support are as
+    multiple Internet connections. Limitations of this support are as
     follows:</para>
 
     <itemizedlist>
@@ -110,7 +110,7 @@
       <title>Overview</title>
 
       <para>Let's assume that a firewall is connected via two separate
-      ethernet interfaces to two different ISPs as in the following
+      Ethernet interfaces to two different ISPs as in the following
       diagram.</para>
 
       <graphic align="center" fileref="images/TwoISPs.png" valign="middle" />
@@ -148,7 +148,7 @@
 
       <para>When you use the <emphasis role="bold">track</emphasis> option in
       <filename>/etc/shorewall/providers</filename>, connections from the
-      internet are automatically routed back out of the correct interface and
+      Internet are automatically routed back out of the correct interface and
       through the correct ISP gateway. This works whether the connection is
       handled by the firewall itself or if it is routed or port-forwarded to a
       system behind the firewall.</para>
@@ -304,7 +304,7 @@
                   be tracked so that responses may be routed back out this
                   same interface.</para>
 
-                  <para>You want to specify 'track' if internet hosts will be
+                  <para>You want to specify 'track' if Internet hosts will be
                   connecting to local servers through this provider. Any time
                   that you specify 'track', you will also want to specify
                   'balance' (see below).</para>
@@ -338,7 +338,7 @@
                   <important>
                     <para>If you are using
                     <filename>/etc/shorewall/providers</filename> because you
-                    have multiple internet connections, we recommend that you
+                    have multiple Internet connections, we recommend that you
                     specify 'track' even if you don't need it. It helps
                     maintain long-term connections in which there are
                     significant periods with no traffic.</para>
@@ -367,7 +367,7 @@
                   <important>
                     <para>If you are using
                     <filename>/etc/shorewall/providers</filename> because you
-                    have multiple internet connections, we recommend that you
+                    have multiple Internet connections, we recommend that you
                     specify 'balance' even if you don't need it. You can still
                     use entries in <filename>/etc/shorewall/tcrules</filename>
                     to force all traffic to one provider or another.<note>
@@ -464,7 +464,7 @@
               </varlistentry>
             </variablelist>
 
-            <para>For those of you who are termnally confused between<emphasis
+            <para>For those of you who are terminally confused between<emphasis
             role="bold"> track</emphasis> and <emphasis
             role="bold">balance</emphasis>:</para>
 
@@ -494,7 +494,7 @@
             Shorewall copies all routes through the interface specified in the
             INTERFACE column plus the interfaces listed in this column.
             Normally, you will list all interfaces on your firewall in this
-            column except those internet interfaces specified in the INTERFACE
+            column except those Internet interfaces specified in the INTERFACE
             column of entries in this file.</para>
           </listitem>
         </varlistentry>
@@ -532,7 +532,7 @@
       and any interfaces that do not have an IPv4 configuration. You should
       also omit interfaces like <emphasis role="bold">tun</emphasis>
       interfaces that are created dynamically. Traffic to networks handled by
-      those intefaces should be routed through the main table using entries in
+      those interfaces should be routed through the main table using entries in
       <filename>/etc/shorewall/route_rules</filename> (see Example 2 <link
       linkend="Examples">below</link>).</para>
 
@@ -608,7 +608,7 @@
       <title>Martians</title>
 
       <para>One problem that often arises with Multi-ISP configuration is
-      'Martians'. If your internet interfaces are configured with the
+      'Martians'. If your Internet interfaces are configured with the
       <emphasis role="bold">routefilter</emphasis> option in
       <filename>/etc/shorewall/interfaces</filename> (remember that if you set
       that option, you should also select <emphasis
@@ -965,7 +965,7 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
         OpenVPN (routed setup w/tunX) in combination with multiple providers.
         In this case you have to set up a rule to ensure that the OpenVPN
         traffic is routed back through the tunX interface(s) rather than
-        through any of the providers. 10.8.0.0/24 is the subnet choosen in
+        through any of the providers. 10.8.0.0/24 is the subnet chosen in
         your OpenVPN configuration (server 10.8.0.0 255.255.255.0).</para>
 
         <programlisting>#SOURCE                 DEST            PROVIDER        PRIORITY
@@ -981,7 +981,7 @@ gateway:~ #</programlisting>Note that because we used a priority of 1000, the
 
       <orderedlist numeration="loweralpha">
         <listitem>
-          <para>Only ethernet (or ethernet-like) interfaces can be used. For
+          <para>Only Ethernet (or Ethernet-like) interfaces can be used. For
           inbound traffic, the MAC addresses of the gateway routers are used
           to determine which provider a packet was received through. Note that
           only routed traffic can be categorized using this technique.</para>

docs/Multiple_Zones.xml

@@ -90,7 +90,7 @@
 
       <listitem>
         <para>The order of entries in /etc/shorewall/hosts is immaterial as
-        far as the generated ruleset is concerned.</para>
+        far as the generated rule set is concerned.</para>
       </listitem>
     </itemizedlist>
 
@@ -125,7 +125,7 @@
 
       <itemizedlist>
         <listitem>
-          <para>The firewall requirements to/from the internet are the same
+          <para>The firewall requirements to/from the Internet are the same
           for 192.168.1.0/24 and 192.168.2.0/24.</para>
         </listitem>
 
@@ -180,7 +180,7 @@
         <title>Nested Zones</title>
 
         <para>You can define one zone (called it <quote>loc</quote>) as being
-        all hosts connectied to eth1 and a second zone <quote>loc1</quote>
+        all hosts connected to eth1 and a second zone <quote>loc1</quote>
         (192.168.2.0/24) as a sub-zone.</para>
 
         <graphic fileref="images/MultiZone1A.png" />
@@ -190,7 +190,7 @@
         connection request doesn't match a <quote>loc1</quote> rule, it will
         be matched against the <quote>loc</quote> rules. For example, if your
         loc1-&gt;net policy is CONTINUE then if a connection request from loc1
-        to the internet doesn't match any rules for loc1-&gt;net then it will
+        to the Internet doesn't match any rules for loc1-&gt;net then it will
         be checked against the loc-&gt;net rules.</para>
 
         <para><filename>/etc/shorewall/zones</filename></para>
@@ -302,7 +302,7 @@ loc1                loc                  NONE</programlisting>
 
     <para>Nested zones may also be used to configure a
     <quote>one-armed</quote> router (I don't call it a <quote>firewall</quote>
-    because it is very insecure. For example, if you connect to the internet
+    because it is very insecure. For example, if you connect to the Internet
     via cable modem, your next door neighbor has full access to your local
     systems as does everyone else connected to the same cable modem head-end
     controller). Here eth0 is configured with both a public IP address and an