firewall: correct spelling and grammar

This commit is contained in:
rebortg 2021-06-29 21:25:17 +02:00
parent 1565a63bbc
commit 1a59c34c1b


@ -1,3 +1,5 @@
:lastproofread: 2021-06-29
.. _firewall: .. _firewall:
######## ########
@ -29,7 +31,7 @@ or zone based firewall policy.
Global settings Global settings
*************** ***************
Some firewall settings are global and have a affect on the whole system. Some firewall settings are global and have an affect on the whole system.
.. cfgcmd:: set firewall all-ping [enable | disable] .. cfgcmd:: set firewall all-ping [enable | disable]
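Review bot: the changed line still has the wrong word: "have an affect on the whole system" should be "have an effect on the whole system" (the noun is "effect"); correcting the article alone leaves the sentence wrong.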
@ -89,7 +91,7 @@ Some firewall settings are global and have a affect on the whole system.
.. cfgcmd:: set firewall send-redirects [enable | disable] .. cfgcmd:: set firewall send-redirects [enable | disable]
enable or disable of ICMPv4 redirect messages send by VyOS enable or disable ICMPv4 redirect messages send by VyOS
The following system parameter will be altered: The following system parameter will be altered:
* ``net.ipv4.conf.all.send_redirects`` * ``net.ipv4.conf.all.send_redirects``
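Review bot: "ICMPv4 redirect messages send by VyOS" in the changed line needs the past participle: suggest "Enable or disable ICMPv4 redirect messages sent by VyOS."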
@ -127,7 +129,7 @@ Some firewall settings are global and have a affect on the whole system.
.. cfgcmd:: set firewall state-policy established log enable .. cfgcmd:: set firewall state-policy established log enable
Set the global setting for a astablished connections. Set the global setting for an established connection.
.. cfgcmd:: set firewall state-policy invalid action [accept | drop | reject] .. cfgcmd:: set firewall state-policy invalid action [accept | drop | reject]
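Review bot: the rewritten description for ``set firewall state-policy established log enable`` still does not say what is being set; since the command enables logging, suggest "Enable logging of established connections." instead of "Set the global setting for an established connection."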
@ -163,8 +165,8 @@ names.
Address Groups Address Groups
============== ==============
In a **address group** a single IP adresses or IP address ranges are In an **address group** a single IP address or IP address ranges are
definded. defined.
.. cfgcmd:: set firewall group address-group <name> address [address | .. cfgcmd:: set firewall group address-group <name> address [address |
address range] address range]
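Review bot: the new wording mixes singular and plural: "a single IP address or IP address ranges are defined". Suggest "In an **address group**, single IP addresses or IP address ranges are defined."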
@ -221,7 +223,7 @@ filtering unnecessary ports. Ranges of ports can be specified by using
.. cfgcmd:: set firewall group port-group <name> port .. cfgcmd:: set firewall group port-group <name> port
[portname | portnumber | startport-endport] [portname | portnumber | startport-endport]
Define a port group. A port name are any name defined in Define a port group. A port name can be any name defined in
/etc/services. e.g.: http /etc/services. e.g.: http
.. code-block:: none .. code-block:: none
@ -240,10 +242,10 @@ Rule-Sets
********* *********
A rule-set is a named collection of firewall rules that can be applied A rule-set is a named collection of firewall rules that can be applied
to an interface or zone. Each rule is numbered, has an action to apply to an interface or a zone. Each rule is numbered, has an action to apply
if the rule is matched, and the ability to specify the criteria to if the rule is matched, and the ability to specify the criteria to
match. Data packets go through the rules from 1 - 9999, at the first match match. Data packets go through the rules from 1 - 9999, at the first match
the action of the rule will executed. the action of the rule will be executed.
.. cfgcmd:: set firewall name <name> description <text> .. cfgcmd:: set firewall name <name> description <text>
.. cfgcmd:: set firewall ipv6-name <name> description <text> .. cfgcmd:: set firewall ipv6-name <name> description <text>
@ -254,7 +256,7 @@ the action of the rule will executed.
.. cfgcmd:: set firewall ipv6-name <name> default-action [drop | reject | .. cfgcmd:: set firewall ipv6-name <name> default-action [drop | reject |
accept] accept]
This set the default action of the rule-set if no rule matched a paket This set the default action of the rule-set if no rule matched a packet
criteria. criteria.
.. cfgcmd:: set firewall name <name> enable-default-log .. cfgcmd:: set firewall name <name> enable-default-log
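Review bot: "This set the default action" is left uncorrected in the changed line, and "a packet criteria" pairs a singular article with a plural noun; suggest "This sets the default action of the rule-set if no rule matches the packet."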
@ -267,7 +269,7 @@ the action of the rule will executed.
.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> action [drop | reject | .. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> action [drop | reject |
accept] accept]
This required setting define the action of the current rule. This required setting defines the action of the current rule.
.. cfgcmd:: set firewall name <name> rule <1-9999> description <text> .. cfgcmd:: set firewall name <name> rule <1-9999> description <text>
.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> description <text> .. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> description <text>
@ -287,7 +289,7 @@ the action of the rule will executed.
Matching criteria Matching criteria
================= =================
There are a lot of matching criteria gainst which the package can be tested. There are a lot of matching criteria against which the package can be tested.
.. cfgcmd:: set firewall name <name> rule <1-9999> source address .. cfgcmd:: set firewall name <name> rule <1-9999> source address
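Review bot: "against which the package can be tested" should read "packet", as everywhere else in this document; fixing "gainst" alone leaves the wrong noun in place.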
@ -299,7 +301,7 @@ There are a lot of matching criteria gainst which the package can be tested.
.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination address .. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination address
[address | addressrange | CIDR] [address | addressrange | CIDR]
This is similiar to the network groups part, but here you are able to negate This is similar to the network groups part, but here you are able to negate
the matching addresses. the matching addresses.
.. code-block:: none .. code-block:: none
@ -315,7 +317,7 @@ There are a lot of matching criteria gainst which the package can be tested.
.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source mac-address .. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> source mac-address
<mac-address> <mac-address>
Only in the source criteria you can specify a mac-address Only in the source criteria, you can specify a mac-address.
.. code-block:: none .. code-block:: none
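Review bot: the comma added after "source criteria" makes the sentence awkward; suggest "A mac-address can only be specified in the source criteria."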
@ -331,7 +333,7 @@ There are a lot of matching criteria gainst which the package can be tested.
.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination port .. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> destination port
[1-65535 | portname | start-end] [1-65535 | portname | start-end]
A port can be set with a portnumber or a name which is here A port can be set with a port number or a name which is here
defined: ``/etc/services``. defined: ``/etc/services``.
.. code-block:: none .. code-block:: none
@ -387,8 +389,8 @@ There are a lot of matching criteria gainst which the package can be tested.
Match a protocol criteria. A protocol number or a name which is here Match a protocol criteria. A protocol number or a name which is here
defined: ``/etc/protocols``. defined: ``/etc/protocols``.
Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and upd Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp
based pakets. The ``!`` negate the selected protocol. based packets. The ``!`` negate the selected protocol.
.. code-block:: none .. code-block:: none
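Review bot: "The ``!`` negate the selected protocol" needs "negates", and the context line above, "Match a protocol criteria", should be "Match a protocol criterion" (or simply "Match on protocol"), since "criteria" is plural.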
@ -410,9 +412,9 @@ There are a lot of matching criteria gainst which the package can be tested.
set firewall name WAN-IN-v4 rule 13 tcp flags 'SYN,!ACK,!FIN,!RST' set firewall name WAN-IN-v4 rule 13 tcp flags 'SYN,!ACK,!FIN,!RST'
.. cfgcmd:: set firewall name <name> rule <1-9999> state [established | .. cfgcmd:: set firewall name <name> rule <1-9999> state [established |
invalid | new | related] [enable | disable ] invalid | new | related] [enable | disable]
.. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> state [established | .. cfgcmd:: set firewall ipv6-name <name> rule <1-9999> state [established |
invalid | new | related] [enable | disable ] invalid | new | related] [enable | disable]
Match against the state of a packet. Match against the state of a packet.
@ -421,10 +423,10 @@ There are a lot of matching criteria gainst which the package can be tested.
Applying a Rule-Set to an Interface Applying a Rule-Set to an Interface
*********************************** ***********************************
A Rule-Set can be appliend to every inteface: A Rule-Set can be applied to every interface:
* ``in``: Ruleset for forwarded packets on inbound interface * ``in``: Ruleset for forwarded packets on an inbound interface
* ``out``: Ruleset for forwarded packets on outbound interface * ``out``: Ruleset for forwarded packets on an outbound interface
* ``local``: Ruleset for packets destined for this router * ``local``: Ruleset for packets destined for this router
.. cfgcmd:: set interface ethernet <ethN> firewall [in | out | local] .. cfgcmd:: set interface ethernet <ethN> firewall [in | out | local]
@ -451,7 +453,7 @@ Zone-based Firewall Policy
As an alternative to applying policy to an interface directly, a As an alternative to applying policy to an interface directly, a
zone-based firewall can be created to simplify configuration when zone-based firewall can be created to simplify configuration when
multiple interfaces belong to the same security zone. Instead of multiple interfaces belong to the same security zone. Instead of
applying rulesets to interfaces, they are applied to source applying rule-sets to interfaces, they are applied to source
zone-destination zone pairs. zone-destination zone pairs.
An basic introduction to zone-based firewalls can be found `here An basic introduction to zone-based firewalls can be found `here
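Review bot: the trailing context line "An basic introduction to zone-based firewalls" is exactly the kind of error this commit targets but is left untouched; it should be "A basic introduction".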
@ -465,12 +467,12 @@ To define a zone setup either one with interfaces or a local zone.
.. cfgcmd:: set zone-policy zone <name> interface <interfacenames> .. cfgcmd:: set zone-policy zone <name> interface <interfacenames>
Set a interfaces to a zone. A zone can have multiple interfaces. Set interfaces to a zone. A zone can have multiple interfaces.
But a interface can only be member in one zone. But an interface can only be a member in one zone.
.. cfgcmd:: set zone-policy zone <name> local-zone .. cfgcmd:: set zone-policy zone <name> local-zone
Define the Zone as a local zone. A local zone have no interfaces and Define the zone as a local zone. A local zone has no interfaces and
will be applied to the router itself. will be applied to the router itself.
.. cfgcmd:: set zone-policy zone <name> default-action [drop | reject] .. cfgcmd:: set zone-policy zone <name> default-action [drop | reject]
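Review bot: "an interface can only be a member in one zone" reads better as "a member of one zone", and "Set interfaces to a zone" would be clearer as "Assign interfaces to a zone."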
@ -486,14 +488,14 @@ Applying a Rule-Set to a Zone
============================= =============================
Before you are able to apply a rule-set to a zone you have to create the zones Before you are able to apply a rule-set to a zone you have to create the zones
first. first.
.. cfgcmd:: set zone-policy zone <name> from <name> firewall name .. cfgcmd:: set zone-policy zone <name> from <name> firewall name
<rule-set> <rule-set>
.. cfgcmd:: set zone-policy zone <name> from <name> firewall ipv6-name .. cfgcmd:: set zone-policy zone <name> from <name> firewall ipv6-name
<rule-set> <rule-set>
You apply a rule-set always to a zone from a other zone, it is recommended You apply a rule-set always to a zone from an other zone, it is recommended
to create one rule-set for each zone pair. to create one rule-set for each zone pair.
.. code-block:: none .. code-block:: none
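Review bot: "from an other zone" should be "from another zone", and the comma splice in the changed line remains; suggest "A rule-set is always applied to a zone from another zone. It is recommended to create one rule-set for each zone pair."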
@ -577,7 +579,7 @@ Rule-set overview
.. opcmd:: show firewall summary .. opcmd:: show firewall summary
This will show you a summary about rule-sets and groups This will show you a summary of rule-sets and groups
.. code-block:: none .. code-block:: none
@ -630,7 +632,7 @@ Rule-set overview
.. opcmd:: show firewall [name | ipv6name] <name> rule <1-9999> .. opcmd:: show firewall [name | ipv6name] <name> rule <1-9999>
This command will give an overview about a rule in a single rule-set This command will give an overview of a rule in a single rule-set
.. opcmd:: show firewall group <name> .. opcmd:: show firewall group <name>
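Review bot: the changed description "This command will give an overview of a rule in a single rule-set" has no terminal period, while the identical sentence in the later ``show firewall ... rule <1-9999>`` hunk gets one; add the period here for consistency.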
@ -658,7 +660,7 @@ Rule-set overview
.. opcmd:: show firewall [name | ipv6name] <name> .. opcmd:: show firewall [name | ipv6name] <name>
This command will give an overview about a single rule-set This command will give an overview of a single rule-set.
.. opcmd:: show firewall [name | ipv6name] <name> statistics .. opcmd:: show firewall [name | ipv6name] <name> statistics
@ -666,7 +668,7 @@ Rule-set overview
.. opcmd:: show firewall [name | ipv6name] <name> rule <1-9999> .. opcmd:: show firewall [name | ipv6name] <name> rule <1-9999>
This command will give an overview about a rule in a single rule-set This command will give an overview of a rule in a single rule-set.
Zone-Policy Overview Zone-Policy Overview
@ -674,7 +676,7 @@ Zone-Policy Overview
.. opcmd:: show zone-policy zone <name> .. opcmd:: show zone-policy zone <name>
Use this command to get an overview about a zone Use this command to get an overview of a zone.
.. code-block:: none .. code-block:: none
@ -695,7 +697,7 @@ Show Firewall log
.. opcmd:: show log firewall [name | ipv6name] <name> .. opcmd:: show log firewall [name | ipv6name] <name>
Show the logs of a specific Rule-Set Show the logs of a specific Rule-Set.
.. note:: .. note::
At the moment it not possible to look at the whole firewall log with VyOS At the moment it not possible to look at the whole firewall log with VyOS
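Review bot: the context line "At the moment it not possible to look at the whole firewall log" is missing "is"; suggest "At the moment it is not possible" while this note is being touched.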
@ -830,6 +832,8 @@ IPv6
Use this command to set the maximum segment size for IPv6 transit Use this command to set the maximum segment size for IPv6 transit
packets on a specific interface (1280-1492 bytes). packets on a specific interface (1280-1492 bytes).
.. _firewall:ipv6_example:
Example Example
------- -------