Most of them have been fixed by Jan, I will have a cautious look.
Much better (in addition to what I posted previously) :-D :
p.1 "tranfers" should be "transfers"
p.1 "This system lays on parsing of data coming or from the user or from
the server. It is thus subject to attack and this is necessary to take
some protections when using connection tracking helpers" should be "The
system relies on parsing of data coming either from the user or the
server. It is, therefore, vulnerable and ("all the necessary
precautions"/"great care") must be taken when using connection tracking
helpers."
p.1 "tracking helpers are thus dependent on" should be "tracking helpers
are therefore dependent on"
p.2 "and it is thus deactivated by default." should be "and it is
therefore deactivated by default."
p.2. "They permit to activate the extended but dangerous features of
some protocols." should be "They permit activation of the extended, but
dangerous, features of some protocols."
p.3 "All iptables lines using “-m state --state RELATED” should be used
in conjunction with the choice of a helper. Doing that, you " should be
"The following iptables statement should be used in conjunction with the
choice of a helper:- “-m state --state RELATED”. By doing that, you"
p.4 "In particular, you have to do a strict anti-spoofing (has described
below)" should be "In particular, you have to do strict anti-spoofing
(as described below)"
p.4 "For example, let’s say we have a FTP server at IP address 1.2.3.4
running on port 2121" should be "For example, let’s say we have FTP
server running on IP address 1.2.3.4 and port 2121"
p.4 "We thus recommand NOT to use module options any more, and use the
CT target instead" should be "Therefore, the use of module options is
NOT recommended any more - please use the CT target instead."
p.4 "Each wanted helper use is then set by using a call to the CT
target." should be "Each helper we need to use is then set by a call to
the CT target."
Arghh, the only one link I did not update after the renaming of the
file:
http://home.regit.org/wp-content/uploads/2011/11/secure-conntrack-helpers.pdf
I'm hidding...
No worries, I enjoyed reading this and it was educational for me too!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
