Le 26/02/2020 à 18:04, Bruce Dubbs via blfs-book a écrit : > On 2/26/20 10:34 AM, Pierre Labastie via blfs-book wrote: >> Le 26/02/2020 à 17:20, bdubbs--- via blfs-book a écrit : >>> Author: bdubbs >>> Date: Wed Feb 26 08:20:10 2020 >>> New Revision: 22759 >>> >>> Log: >>> Comment out the nftables and firewalld sections until >>> we can make them a bit more usable. >>> >>> Modified: >>> trunk/BOOK/postlfs/security/firewalling.xml >>> trunk/BOOK/postlfs/security/iptables.xml >>> trunk/BOOK/postlfs/security/security.xml >>> >>> Modified: trunk/BOOK/postlfs/security/firewalling.xml >>> ============================================================================== >>> >>> --- trunk/BOOK/postlfs/security/firewalling.xml Tue Feb 25 20:51:27 >>> 2020 (r22758) >>> +++ trunk/BOOK/postlfs/security/firewalling.xml Wed Feb 26 08:20:10 >>> 2020 (r22759) >>> @@ -15,203 +15,727 @@ >>> <title>Setting Up a Network Firewall</title> >>> + <para>Before you read this part of the chapter, you should have >>> + already installed iptables as described in the previous section.</para> >>> + >>> <sect2 id="fw-intro" xreflabel="Firewalling Introduction"> >>> <title>Introduction to Firewall Creation</title> >>> - <para> >>> - The purpose of a firewall is to protect a computer or a network >>> against >>> - malicious access. In a perfect world every daemon or service, on >>> every >>> - machine, is perfectly configured and immune to security flaws, and >>> all >>> - users are trusted implicitly to use the equipment as intended. >>> However, >>> - this is rarely, if ever, the case. Daemons may be misconfigured, or >>> - updates may not have been applied for known exploits against >>> essential >>> - services. Additionally, you may wish to choose which services are >>> - accessible by certain machines or users, or you may wish to limit >>> which >>> - machines or applications are allowed external access. >>> Alternatively, you >>> - simply may not trust some of your applications or users. For these >>> - reasons, a carefully designed firewall should be an essential part of >>> - system security. >>> - </para> >>> - >>> - <para> >>> - While a firewall can greatly limit the scope of the above issues, >>> do not >>> - assume that having a firewall makes careful configuration >>> redundant, or >>> - that any negligent misconfiguration is harmless. A firewall does not >>> - prevent the exploitation of any service you offer outside of it. >>> Despite >>> - having a firewall, you need to keep applications and daemons properly >>> - configured and up to date. >>> - </para> >>> + <para>The general purpose of a firewall is to protect a computer or >>> + a network against malicious access.</para> >> >> This is not the format defined in the template. Please respect it. I've >> configured vi to apply the template format, not this one! > > I'm not sure what you mean. I just reverted to revision 17446 > for this file, which is the version immediately before DJ's changes 4 months > ago. >
Normally, the template uses: <para> blahblah blobblob </para> (with a 2 character indent). It's much easier to parse when using a non xml parser (xml parsers don't care). IMO, it is more readable too. Of course, there are several places in the book where the old layout is still there, because the text has not changed in the last ten years or so, but when updating text, it should be moved to the new layout... I understand that it is easier to just revert for now, and that reverting reintroduces the old format. I think I'll make a big format overhaul (without changing the text) after the release so that everything is at the new format. Then hopefully any "text change-revert" cycle should not change the format. Pierre -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
