Index: en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
===================================================================
--- en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
+++ en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
@@ -2256,18 +2256,18 @@
The inbound NAT rule is inserted
after the two rules which allow all
traffic on the trusted and loopback interfaces and after the
- reassamble rule but before the
+ reassemble rule but before the
check-state rule. It is important that the
rule number selected for this NAT rule, in
this example 100, is higher than the first
three rules and lower than the check-state
rule. Furthermore, because of the behavior of in-kernel
- NAT it is advised to place a reassamble
+ NAT it is advised to place a reassemble
rule just before the first NAT rule and
after the rules that allow traffic on trusted interface.
Normally, IP fragmentation should not
happen, but when dealing with IPSEC/ESP/GRE
- tunneling traffic it might and the reassmabling of fragments
+ tunneling traffic it might and the reassembling of fragments
is necessary before handing the complete packet over to the
in-kernel NAT facility.
@@ -2275,7 +2275,7 @@
The reassemble rule was not needed with userland
&man.natd.8; because the internal workings of the
IPFW divert
- action already takes care of reassambling packets before
+ action already takes care of reassembling packets before
delivery to the socket as also stated in &man.ipfw.8;.
The NAT instance and rule number used
@@ -2287,7 +2287,7 @@
$cmd 005 allow all from any to any via xl0 # exclude LAN traffic
$cmd 010 allow all from any to any via lo0 # exclude loopback traffic
-$cmd 099 reass all from any to any in # reassamble inbound packets
+$cmd 099 reass all from any to any in # reassemble inbound packets
$cmd 100 nat 1 ip from any to any in via $pif # NAT any inbound packets
# Allow the packet through if it has an existing entry in the dynamic rules table
$cmd 101 check-state