diff --git a/documentation/content/en/books/handbook/firewalls/_index.adoc b/documentation/content/en/books/handbook/firewalls/_index.adoc --- a/documentation/content/en/books/handbook/firewalls/_index.adoc +++ b/documentation/content/en/books/handbook/firewalls/_index.adoc @@ -503,7 +503,7 @@ * The protocol demands the use of at least two TCP connections (control and data) on separate ports. * When a session is established, data is communicated using randomly selected ports. -All of these points present security challenges, even before considering any potential security weaknesses in client or server software. +All of these points present security challenges, even before considering any potential security weaknesses in client or server software. More secure alternatives for file transfer exist, such as man:sftp[1] or man:scp[1], which both feature authentication and data transfer over encrypted connections. For those situations when FTP is required, PF provides redirection of FTP traffic to a small proxy program called man:ftp-proxy[8], which is included in the base system of FreeBSD. 
@@ -1598,19 +1598,19 @@ This is also known as static NAT. For example, if IP addresses `128.1.1.1`, `128.1.1.2`, and `128.1.1.3` are available, `128.1.1.1` can be used as the man:ipfw[8] machine's external IP address, while `128.1.1.2` and `128.1.1.3` are forwarded back to LAN clients `A` and `B`. -The `redirect_address` syntax is as below, where `localIP` is the internal IP address of the LAN client, and `publicIP` the external IP address corresponding to the LAN client. +The `redirect_addr` syntax is as below, where `localIP` is the internal IP address of the LAN client, and `publicIP` the external IP address corresponding to the LAN client. [.programlisting] .... -redirect_address localIP publicIP +redirect_addr localIP publicIP .... In the example, the arguments would read: [.programlisting] .... -redirect_address 192.168.0.2 128.1.1.2 -redirect_address 192.168.0.3 128.1.1.3 +redirect_addr 192.168.0.2 128.1.1.2 +redirect_addr 192.168.0.3 128.1.1.3 .... Like `redirect_port`, these arguments are placed in a NAT instance configuration. @@ -1663,7 +1663,7 @@ [.programlisting] .... redirect_port tcp 192.168.0.2:6667 6667 -redirect_address 192.168.0.3 128.1.1.3 +redirect_addr 192.168.0.3 128.1.1.3 .... ==== @@ -2686,6 +2686,6 @@ # pfctl -a blacklistd/22 -t port22 -T delete 213.0.123.128/25 .... -The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. +The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. The entry in blacklistd's database will eventually expire and be removed from its output. The entry will be added again if the host is matching one of the block rules in blacklistd again.
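Review bot: In the `@@ -503,7 +503,7 @@` hunk, the new sentence about man:sftp[1] and man:scp[1] is appended to the existing "All of these points present security challenges..." line (the hunk header keeps the line count at 7), so the diff rewrites a sentence that did not change. Put the addition on its own line. The two bullets in the context are about multiple connections and randomly selected ports, while the new sentence motivates the alternatives only by authentication and encryption; since this is the firewall chapter, consider also saying that these alternatives run over a single connection, which is what makes them simpler to filter than FTP.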
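Review bot: In the `@@ -1598,19 +1598,19 @@` hunk, after the `redirect_addr 192.168.0.2 128.1.1.2` listing, the text still moves straight on to "Like `redirect_port`, these arguments are placed in a NAT instance configuration" without saying how the exposure differs: the context describes the whole public address being forwarded back to the LAN client, not a single port as in `redirect_port tcp 192.168.0.2:6667 6667`. A sentence there noting that the LAN client then needs its own filtering rules would help the reader. Also confirm that no `redirect_address` occurrences remain elsewhere in the file, since the patch shows only the ones in this hunk and the `@@ -1663,7 +1663,7 @@` hunk.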
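Review bot: In the `@@ -2686,6 +2686,6 @@` hunk, "will eventually expire" leaves the reader with no way to tell how long the stale entry stays in the blacklistctl output after the `pfctl ... -T delete` command; say what determines the expiry or how to check it. The last added sentence reads better as "The entry will be added again if the host matches one of the block rules in blacklistd again". Both new sentences are appended to the existing line (the line count stays at 6); put each on its own line so the diff shows only the additions.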