Quickstart: manual backport to sagitta for firewall configuration in quickstart.

docs/quick-start.rst

@@ -141,7 +141,7 @@ networks, addresses, ports, and domains that describe different parts of
 our network. We can then use them for filtering within our firewall rulesets,
 allowing for more concise and readable configuration.
 
-In this case, we will create two interface groups—a ``WAN`` group for our
+In this case, we will create two interface groups — a ``WAN`` group for our
 interfaces connected to the public internet and a ``LAN`` group for the
 interfaces connected to our internal network. Additionally, we will create a
 network group, ``NET-INSIDE-v4``, that contains our internal subnet.
@@ -156,7 +156,7 @@ Configure Stateful Packet Filtering
 -----------------------------------
 
 With the new firewall structure, we have have a lot of flexibility in how we
-group and order our rules, as shown by the two alternative approaches below.
+group and order our rules, as shown by the three alternative approaches below.
 
 Option 1: Global State Policies
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -212,12 +212,11 @@ hooks as the first filtering rule in the respective chains:
   set firewall ipv4 input filter rule 10 action 'jump'
   set firewall ipv4 input filter rule 10 jump-target CONN_FILTER
 
-Option 2: Per-Hook Chain
+Option 3: Per-Hook Chain
 ^^^^^^^^^^^^^^^^^^^^^^^^
 
-Alternatively, instead of configuring the ``CONN_FILTER`` chain described above,
+Alternatively, you can take the more traditional stateful connection
-you can take the more traditional stateful connection filtering approach by
+filtering approach by creating rules on each base hook's chain:
-creating rules on each hook's chain:
 
 .. code-block:: none