From nobody@FreeBSD.org  Tue Apr  1 19:01:00 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 515D6106567F
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Apr 2008 19:01:00 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 3F0248FC14
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  1 Apr 2008 19:01:00 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m31J0wvw016227
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 1 Apr 2008 19:00:58 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m31J0wAe016226;
	Tue, 1 Apr 2008 19:00:58 GMT
	(envelope-from nobody)
Message-Id: <200804011900.m31J0wAe016226@www.freebsd.org>
Date: Tue, 1 Apr 2008 19:00:58 GMT
From: John Ferrell <jdferrell3@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] update to PF section of handbook
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         122351
>Category:       docs
>Synopsis:       [patch] update to PF section of handbook
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gabor
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 01 19:10:01 UTC 2008
>Closed-Date:    Sun Jun 15 13:17:37 UTC 2008
>Last-Modified:  Sun Jun 15 13:20:03 UTC 2008
>Originator:     John Ferrell
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD fbsd.local 7.0-RELEASE FreeBSD 7.0-RELEASE #7: Mon Mar 24 17:46:10 EDT 2008     root@local:/usr/obj/usr/src/sys/JDF  i386

>Description:
Attached is a diff to update the PF section of firewalls/chapter.sgml.  I revised and updated the section, rewording and reorganizing parts for clarity.  I also pointed out the /etc/pf.conf move in FreeBSD 7.0 (docs/121321: Handbook should reflect new pf.conf defaults) and addressed why you would want to compile PF support into the kernel.  (There was a comment on the freebsd-doc list recently about compiling pfsync into the kernel.)

The updated version can be viewed here:
http://bigapps.rhsmith.umd.edu/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html

Comments/suggestions are welcome.

Thanks,
John
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

--- chapter.sgml.orig	2008-03-28 17:07:01.000000000 -0400
+++ chapter.sgml	2008-04-01 14:14:19.000000000 -0400
@@ -182,6 +182,17 @@
   </sect1>
 
   <sect1 id="firewalls-pf">
+      <sect1info>    
+        <authorgroup>
+          <author>
+            <firstname>John</firstname>
+            <surname>Ferrell</surname>
+            <contrib>Revised and updated by </contrib>
+            <!-- 24 March 2008 -->
+          </author>
+        </authorgroup>
+      </sect1info>
+
     <title>The OpenBSD Packet Filter (PF) and
       <acronym>ALTQ</acronym></title>
 
@@ -192,60 +203,65 @@
     </indexterm>
 
     <para>As of July 2003 the OpenBSD firewall software application
-      known as <acronym>PF</acronym> was ported to &os; and was made
-      available in the &os; Ports Collection; the first release that
-      contained <acronym>PF</acronym> as an integrated part of the
-      base system was &os;&nbsp;5.3 in November 2004.
-      <acronym>PF</acronym> is a complete, fully featured firewall
+      known as <acronym>PF</acronym> was ported to &os; and 
+      made available in the &os; Ports Collection.  Released in 2004, 
+      &os; 5.3 was the first release that contained 
+      <acronym>PF</acronym> as an integrated part of the base system.
+      <acronym>PF</acronym> is a complete, full-featured firewall
       that has optional support for <acronym>ALTQ</acronym> (Alternate
       Queuing).  <acronym>ALTQ</acronym> provides Quality of Service
-      (<acronym>QoS</acronym>) bandwidth shaping that allows
-      guaranteeing bandwidth to different services based on filtering
-      rules.  The OpenBSD Project does an outstanding job of
-      maintaining the PF User's Guide that it will not be made part of
-      this handbook firewall section as that would just be duplicated
-      effort.</para>
-
-    <para>More info can be found at the PF for &os; web site: <ulink
-	url="http://pf4freebsd.love2party.net/"></ulink>.</para>
-
-    <sect2>
-      <title>Enabling PF</title>
-
-      <para>PF is included in the basic &os; install for versions newer
-	than 5.3 as a separate run time loadable module.  The system
-	will dynamically load the PF kernel loadable module when the
-	rc.conf statement <literal>pf_enable="YES"</literal> is used.
-	The loadable module was created with &man.pflog.4; logging
-	enabled.</para>
-
-      <note>
-	<para>The module assumes the presence of <literal>options
-	    INET</literal> and <literal>device bpf</literal>.  Unless
-	  <literal>NOINET6</literal> for &os; prior to 6.0-RELEASE and
-	  <literal>NO_INET6</literal> for later releases (for example in
-	  &man.make.conf.5;) was defined during the build, it also
-	  requires <literal>options INET6</literal>.</para>
-      </note>
+      (<acronym>QoS</acronym>) functionality.</para>
 
-      <para>Once the kernel module is loaded or the kernel is statically
-	built with PF support, it is possible to enable or disable
-	<application>pf</application> with the <command>pfctl</command>
-	command.</para>
-
-      <para>This example demonstrates how to enable
-	<application>pf</application>:</para>
-
-      <screen>&prompt.root; <userinput>pfctl -e</userinput></screen>
-
-      <para>The <command>pfctl</command> command provides a way to work
-	with the <application>pf</application> firewall. It is a good
-	idea to check the &man.pfctl.8; manual page to find out more
-	information about using it.</para>
+    <para>The OpenBSD Project does an outstanding job of
+      maintaining the 
+      <ulink url="http://www.openbsd.org/faq/pf/">PF FAQ</ulink>.  
+      As such, this section of the handbook will focus on  
+      <acronym>PF</acronym> as it pertains to &os; while providing 
+      some general information regarding usage.  For detailed usage 
+      information please refer to the 
+      <ulink url="http://www.openbsd.org/faq/pf/">PF FAQ</ulink>.      
+      </para>
+
+    <para>More information about <acronym>PF</acronym> for &os; 
+      can be found at 
+      <ulink url="http://pf4freebsd.love2party.net/"></ulink>.</para>
+
+    <sect2>
+      <title>Using the PF loadable kernel module</title>
+
+      <para>Since the release of &os; 5.3, PF has been included in the 
+        basic install as a separate run time loadable module.  The 
+        system will dynamically load the PF kernel module when the 
+        &man.rc.conf.5; statement <literal>pf_enable="YES"</literal> 
+        is present.  However, the <acronym>PF</acronym> module will 
+        not load if the system cannot find a <acronym>PF</acronym> 
+        ruleset configuration file.  The default location is 
+        <filename>/etc/pf.conf</filename>.  If your 
+        <acronym>PF</acronym> ruleset is located somewhere else use 
+        <option>pf_rules="<replaceable>/path/pf.rules</replaceable>"</option>
+        to specify the location.</para>
+
+        <note>
+          <para>As of &os; 7.0 the sample <filename>pf.conf</filename> that 
+            was in <filename>/etc/</filename> has been moved to 
+            <filename>/usr/share/examples/pf/</filename>.  For &os; versions 
+            prior to 7.0 there is an <filename>/etc/pf.conf</filename> by 
+            default.</para>
+        </note>
+
+      <para>The <acronym>PF</acronym> module can also be loaded manually 
+        from the command line:</para>
+
+      <screen>&prompt.root; <userinput>kldload pf.ko</userinput></screen>
+
+      <para>The loadable module was created with &man.pflog.4; enabled 
+         which provides support for logging.  If you need other 
+         <acronym>PF</acronym> features you will need to compile 
+         <acronym>PF</acronym> support into the kernel.</para>  
     </sect2>
 
     <sect2>
-      <title>Kernel options</title>
+      <title>PF kernel options</title>
 
       <indexterm>
 	<primary>kernel options</primary>
@@ -265,22 +281,27 @@
 	<secondary>device pfsync</secondary>
       </indexterm>
 
-      <para>It is not a mandatory requirement that you enable PF by
-	compiling the following options into the &os; kernel.  It is
-	only presented here as background information.  Compiling PF
-	into the kernel causes the loadable module to never be
-	used.</para>
-
-      <para>Sample kernel config PF option statements are in the
-	<filename>/usr/src/sys/conf/NOTES</filename> kernel source and
-	are reproduced here:</para>
+      <para>While it is not necessary that you compile
+        <acronym>PF</acronym> support into the &os; kernel, you may want 
+        to do so to take advantage of one of PF's advanced features that 
+        is not included in the loadable module, namely &man.pfsync.4;.  
+        pfsync is a pseudo-device that exposes certain changes to
+        the state table used by <acronym>PF</acronym>.  pfsync can be 
+        paired with &man.carp.4; to create failover firewalls using 
+        <acronym>PF</acronym>.  More information on 
+        <acronym>CARP</acronym> can be found in 
+        <link linkend="carp">chapter 29</link> of the handbook.</para>
+
+      <para>The <acronym>PF</acronym> kernel options can be found in 
+	<filename>/usr/src/sys/conf/NOTES</filename> and are reproduced 
+        below:</para>
 
       <programlisting>device pf
 device pflog
 device pfsync</programlisting>
 
       <para><literal>device pf</literal> enables support for the
-	<quote>Packet Filter</quote> firewall.</para>
+	<quote>Packet Filter</quote> firewall (&man.pf.4;).</para>
 
       <para><literal>device pflog</literal> enables the optional
 	&man.pflog.4; pseudo network device which can be used to log
@@ -288,21 +309,15 @@
 	can be used to store the logging information to disk.</para>
 
       <para><literal>device pfsync</literal> enables the optional
-	&man.pfsync.4; pseudo network device that is used to monitor
-	<quote>state changes</quote>.  As this is not part of the
-	loadable module one has to build a custom kernel to use
-	it.</para>
-
-      <para>These settings will take effect only after you have built
-	and installed a kernel with them set.</para>
+	&man.pfsync.4; pseudo-network device that is used to monitor
+	<quote>state changes</quote>.</para>
     </sect2>
 
     <sect2>
       <title>Available rc.conf Options</title>
 
-      <para>You need the following statements in
-	<filename>/etc/rc.conf</filename> to activate PF at boot
-	time:</para>
+      <para>The following &man.rc.conf.5; statements configure
+	<acronym>PF</acronym> and &man.pflog.4; at boot:</para>
 
       <programlisting>pf_enable="YES"                 # Enable PF (load module if required)
 pf_rules="/etc/pf.conf"         # rules definition file for pf
@@ -312,22 +327,110 @@
 pflog_flags=""                  # additional flags for pflogd startup</programlisting>
 
       <para>If you have a LAN behind this firewall and have to forward
-	packets for the computers in the LAN or want to do NAT, you
-	have to enable the following option as well:</para>
+	packets for the computers on the LAN or want to do NAT, you
+	will need the following option as well:</para>
 
       <programlisting>gateway_enable="YES"            # Enable as LAN gateway</programlisting>
     </sect2>
 
     <sect2>
+      <title>Creating Filtering Rules</title>
+
+      <para><acronym>PF</acronym> reads its configuration rules from 
+        &man.pf.conf.5; (<filename>/etc/pf.conf</filename> by 
+        default) and it modifies, drops, or passes packets according to 
+        the rules or definitions specified there.  The &os; 
+        installation includes several sample files located in 
+        <filename>/usr/share/examples/pf/</filename>.  Please refer to 
+        the <ulink url="http://www.openbsd.org/faq/pf/">PF FAQ</ulink> 
+        for complete coverage of <acronym>PF</acronym> rulesets.</para>
+
+      <warning>
+	<para>When browsing the <ulink url="http://www.openbsd.org/faq/pf/">PF FAQ</ulink>, 
+          please keep in mind that different versions of &os; contain 
+          different versions of PF:</para>
+
+        <itemizedlist>
+          <listitem>
+            <simpara>&os; 5.x - <acronym>PF</acronym> is at OpenBSD 3.5</simpara>
+            </listitem>
+
+          <listitem>
+            <simpara>&os; 6.x - <acronym>PF</acronym> is at OpenBSD 3.7</simpara>
+            </listitem>
+
+          <listitem>
+            <simpara>&os; 7.x - <acronym>PF</acronym> is at OpenBSD 4.1</simpara>
+            </listitem>
+        </itemizedlist>
+      </warning>
+
+      <para>The &a.pf; is a good place to ask questions about
+	configuring and running the <acronym>PF</acronym>
+	firewall.  Do not forget to check the mailing list archives
+	before asking questions!</para>
+    </sect2>
+
+    <sect2>
+      <title>Working with PF</title>
+
+      <para>Use &man.pfctl.8; to control <acronym>PF</acronym>.  Below 
+        are some useful commands (be sure to review the &man.pfctl.8; 
+        man page for all available options):
+	</para>
+
+        <informaltable frame="none" pgwide="1">
+          <tgroup cols="2">
+            <thead>
+              <row>
+                <entry>Command</entry>
+                <entry>Purpose</entry>
+              </row>
+            </thead>
+
+            <tbody>
+              <row>
+                <entry><command>pfctl -e</command></entry>
+                <entry>Enable PF</entry>
+              </row>
+
+              <row>
+                <entry><command>pfctl -d</command></entry>
+                <entry>Disable PF</entry>
+              </row>
+
+              <row>
+                <entry><command>pfctl -F all -f /etc/pf.conf</command></entry>
+                <entry>Flush all rules (nat, filter, state, table, etc.) and reload from the file <filename>/etc/pf.conf</filename></entry>
+              </row>
+
+              <row>
+                <entry><command>pfctl -s [ rules | nat | state ]</command></entry>
+                <entry>Report on the  filter rules, nat rules, or state table</entry>
+              </row>
+
+              <row>
+                <entry><command>pfctl -vnf /etc/pf.conf</command></entry>
+                <entry>Check <filename>/etc/pf.conf</filename> for errors, but do not load ruleset</entry>
+              </row>
+
+            </tbody>
+          </tgroup>
+        </informaltable>
+    </sect2>
+
+    <sect2>
       <title>Enabling <acronym>ALTQ</acronym></title>
 
-      <para><acronym>ALTQ</acronym> is only available by compiling the
-	options into the &os; Kernel.  <acronym>ALTQ</acronym> is not
-	supported by all of the available network card drivers.	 Please
-	see the &man.altq.4; manual page for a list of drivers that are
-	supported in your release of &os;.  The following options will
-	enable <acronym>ALTQ</acronym> and add additional
-	functionality.</para>
+      <para><acronym>ALTQ</acronym> is only available by compiling 
+        support for it into the &os; kernel.  <acronym>ALTQ</acronym> is 
+        not supported by all of the available network card drivers.	 
+        Please see the &man.altq.4; manual page for a list of drivers 
+        that are supported in your release of &os;.</para>
+
+      <para>The following kernel options will enable 
+        <acronym>ALTQ</acronym> and add additional functionality:
+        </para>
 
       <programlisting>options         ALTQ
 options         ALTQ_CBQ        # Class Bases Queuing (CBQ)
@@ -373,36 +476,6 @@
 	This option is required on <acronym>SMP</acronym>
 	systems.</para>
     </sect2>
-
-    <sect2>
-      <title>Creating Filtering Rules</title>
-
-      <para>The Packet Filter reads its configuration rules from the
-	&man.pf.conf.5; file and it modifies, drops or passes packets
-	according to the rules or definitions specified there.  The &os;
-	installation comes with a default
-	<filename>/etc/pf.conf</filename> which contains useful examples
-	and explanations.</para>
-
-      <para>Although &os; has its own <filename>/etc/pf.conf</filename>
-	the syntax is the same as one used in OpenBSD.  A great
-	resource for configuring the <application>pf</application>
-	firewall has been written by OpenBSD team and is available at
-	<ulink url="http://www.openbsd.org/faq/pf/"></ulink>.</para>
-
-      <warning>
-	<para>When browsing the pf user's guide, please keep in mind that
-     different versions of &os; contain different versions of pf.  The
-     <application>pf</application> firewall in &os; 5.X is at the level
-     of OpenBSD version 3.5 and in &os; 6.X is at the level of OpenBSD
-     version 3.7.</para>
-      </warning>
-
-      <para>The &a.pf; is a good place to ask questions about
-	configuring and running the <application>pf</application>
-	firewall.  Do not forget to check the mailing list archives
-	before asking questions.</para>
-    </sect2>
   </sect1>
 
   <sect1 id="firewalls-ipf">


>Release-Note:
>Audit-Trail:

From: John Ferrell <jdferrell3@yahoo.com>
To: bug-followup@FreeBSD.org, jdferrell3@yahoo.com
Cc:  
Subject: Re: docs/122351: [patch] update to PF section of handbook
Date: Tue, 8 Apr 2008 11:03:20 -0700 (PDT)

 --0-2114477508-1207677800=:37890
 Content-Type: multipart/alternative; boundary="0-380745449-1207677800=:37890"
 
 --0-380745449-1207677800=:37890
 Content-Type: text/plain; charset=us-ascii
 
 Minor change to diff file.  (New diff attached)
 
 John
 
 
 --0-380745449-1207677800=:37890
 Content-Type: text/html; charset=us-ascii
 
 <html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:arial,helvetica,sans-serif;font-size:12pt"><div>Minor change to diff file.&nbsp; (New diff attached)<br><br>John<br></div></div></body></html>
 --0-380745449-1207677800=:37890--
 --0-2114477508-1207677800=:37890
 Content-Type: text/plain; name="chapter.sgml.diff.txt"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="chapter.sgml.diff.txt"
 
 LS0tIGNoYXB0ZXIuc2dtbC5vcmlnCTIwMDgtMDMtMjggMTc6MDc6MDEuMDAw
 MDAwMDAwIC0wNDAwCisrKyBjaGFwdGVyLnNnbWwJMjAwOC0wNC0wMSAxNDox
 NDoxOS4wMDAwMDAwMDAgLTA0MDAKQEAgLTE4Miw2ICsxODIsMTcgQEAKICAg
 PC9zZWN0MT4KIAogICA8c2VjdDEgaWQ9ImZpcmV3YWxscy1wZiI+CisgICAg
 ICA8c2VjdDFpbmZvPiAgICAKKyAgICAgICAgPGF1dGhvcmdyb3VwPgorICAg
 ICAgICAgIDxhdXRob3I+CisgICAgICAgICAgICA8Zmlyc3RuYW1lPkpvaG48
 L2ZpcnN0bmFtZT4KKyAgICAgICAgICAgIDxzdXJuYW1lPkZlcnJlbGw8L3N1
 cm5hbWU+CisgICAgICAgICAgICA8Y29udHJpYj5SZXZpc2VkIGFuZCB1cGRh
 dGVkIGJ5IDwvY29udHJpYj4KKyAgICAgICAgICAgIDwhLS0gMjQgTWFyY2gg
 MjAwOCAtLT4KKyAgICAgICAgICA8L2F1dGhvcj4KKyAgICAgICAgPC9hdXRo
 b3Jncm91cD4KKyAgICAgIDwvc2VjdDFpbmZvPgorCiAgICAgPHRpdGxlPlRo
 ZSBPcGVuQlNEIFBhY2tldCBGaWx0ZXIgKFBGKSBhbmQKICAgICAgIDxhY3Jv
 bnltPkFMVFE8L2Fjcm9ueW0+PC90aXRsZT4KIApAQCAtMTkyLDYwICsyMDMs
 NjUgQEAKICAgICA8L2luZGV4dGVybT4KIAogICAgIDxwYXJhPkFzIG9mIEp1
 bHkgMjAwMyB0aGUgT3BlbkJTRCBmaXJld2FsbCBzb2Z0d2FyZSBhcHBsaWNh
 dGlvbgotICAgICAga25vd24gYXMgPGFjcm9ueW0+UEY8L2Fjcm9ueW0+IHdh
 cyBwb3J0ZWQgdG8gJm9zOyBhbmQgd2FzIG1hZGUKLSAgICAgIGF2YWlsYWJs
 ZSBpbiB0aGUgJm9zOyBQb3J0cyBDb2xsZWN0aW9uOyB0aGUgZmlyc3QgcmVs
 ZWFzZSB0aGF0Ci0gICAgICBjb250YWluZWQgPGFjcm9ueW0+UEY8L2Fjcm9u
 eW0+IGFzIGFuIGludGVncmF0ZWQgcGFydCBvZiB0aGUKLSAgICAgIGJhc2Ug
 c3lzdGVtIHdhcyAmb3M7Jm5ic3A7NS4zIGluIE5vdmVtYmVyIDIwMDQuCi0g
 ICAgICA8YWNyb255bT5QRjwvYWNyb255bT4gaXMgYSBjb21wbGV0ZSwgZnVs
 bHkgZmVhdHVyZWQgZmlyZXdhbGwKKyAgICAgIGtub3duIGFzIDxhY3Jvbnlt
 PlBGPC9hY3JvbnltPiB3YXMgcG9ydGVkIHRvICZvczsgYW5kIAorICAgICAg
 bWFkZSBhdmFpbGFibGUgaW4gdGhlICZvczsgUG9ydHMgQ29sbGVjdGlvbi4g
 IFJlbGVhc2VkIGluIDIwMDQsIAorICAgICAgJm9zOyA1LjMgd2FzIHRoZSBm
 aXJzdCByZWxlYXNlIHRoYXQgY29udGFpbmVkIAorICAgICAgPGFjcm9ueW0+
 UEY8L2Fjcm9ueW0+IGFzIGFuIGludGVncmF0ZWQgcGFydCBvZiB0aGUgYmFz
 ZSBzeXN0ZW0uCisgICAgICA8YWNyb255bT5QRjwvYWNyb255bT4gaXMgYSBj
 b21wbGV0ZSwgZnVsbC1mZWF0dXJlZCBmaXJld2FsbAogICAgICAgdGhhdCBo
 YXMgb3B0aW9uYWwgc3VwcG9ydCBmb3IgPGFjcm9ueW0+QUxUUTwvYWNyb255
 bT4gKEFsdGVybmF0ZQogICAgICAgUXVldWluZykuICA8YWNyb255bT5BTFRR
 PC9hY3JvbnltPiBwcm92aWRlcyBRdWFsaXR5IG9mIFNlcnZpY2UKLSAgICAg
 ICg8YWNyb255bT5Rb1M8L2Fjcm9ueW0+KSBiYW5kd2lkdGggc2hhcGluZyB0
 aGF0IGFsbG93cwotICAgICAgZ3VhcmFudGVlaW5nIGJhbmR3aWR0aCB0byBk
 aWZmZXJlbnQgc2VydmljZXMgYmFzZWQgb24gZmlsdGVyaW5nCi0gICAgICBy
 dWxlcy4gIFRoZSBPcGVuQlNEIFByb2plY3QgZG9lcyBhbiBvdXRzdGFuZGlu
 ZyBqb2Igb2YKLSAgICAgIG1haW50YWluaW5nIHRoZSBQRiBVc2VyJ3MgR3Vp
 ZGUgdGhhdCBpdCB3aWxsIG5vdCBiZSBtYWRlIHBhcnQgb2YKLSAgICAgIHRo
 aXMgaGFuZGJvb2sgZmlyZXdhbGwgc2VjdGlvbiBhcyB0aGF0IHdvdWxkIGp1
 c3QgYmUgZHVwbGljYXRlZAotICAgICAgZWZmb3J0LjwvcGFyYT4KLQotICAg
 IDxwYXJhPk1vcmUgaW5mbyBjYW4gYmUgZm91bmQgYXQgdGhlIFBGIGZvciAm
 b3M7IHdlYiBzaXRlOiA8dWxpbmsKLQl1cmw9Imh0dHA6Ly9wZjRmcmVlYnNk
 LmxvdmUycGFydHkubmV0LyI+PC91bGluaz4uPC9wYXJhPgotCi0gICAgPHNl
 Y3QyPgotICAgICAgPHRpdGxlPkVuYWJsaW5nIFBGPC90aXRsZT4KLQotICAg
 ICAgPHBhcmE+UEYgaXMgaW5jbHVkZWQgaW4gdGhlIGJhc2ljICZvczsgaW5z
 dGFsbCBmb3IgdmVyc2lvbnMgbmV3ZXIKLQl0aGFuIDUuMyBhcyBhIHNlcGFy
 YXRlIHJ1biB0aW1lIGxvYWRhYmxlIG1vZHVsZS4gIFRoZSBzeXN0ZW0KLQl3
 aWxsIGR5bmFtaWNhbGx5IGxvYWQgdGhlIFBGIGtlcm5lbCBsb2FkYWJsZSBt
 b2R1bGUgd2hlbiB0aGUKLQlyYy5jb25mIHN0YXRlbWVudCA8bGl0ZXJhbD5w
 Zl9lbmFibGU9IllFUyI8L2xpdGVyYWw+IGlzIHVzZWQuCi0JVGhlIGxvYWRh
 YmxlIG1vZHVsZSB3YXMgY3JlYXRlZCB3aXRoICZtYW4ucGZsb2cuNDsgbG9n
 Z2luZwotCWVuYWJsZWQuPC9wYXJhPgotCi0gICAgICA8bm90ZT4KLQk8cGFy
 YT5UaGUgbW9kdWxlIGFzc3VtZXMgdGhlIHByZXNlbmNlIG9mIDxsaXRlcmFs
 Pm9wdGlvbnMKLQkgICAgSU5FVDwvbGl0ZXJhbD4gYW5kIDxsaXRlcmFsPmRl
 dmljZSBicGY8L2xpdGVyYWw+LiAgVW5sZXNzCi0JICA8bGl0ZXJhbD5OT0lO
 RVQ2PC9saXRlcmFsPiBmb3IgJm9zOyBwcmlvciB0byA2LjAtUkVMRUFTRSBh
 bmQKLQkgIDxsaXRlcmFsPk5PX0lORVQ2PC9saXRlcmFsPiBmb3IgbGF0ZXIg
 cmVsZWFzZXMgKGZvciBleGFtcGxlIGluCi0JICAmbWFuLm1ha2UuY29uZi41
 Oykgd2FzIGRlZmluZWQgZHVyaW5nIHRoZSBidWlsZCwgaXQgYWxzbwotCSAg
 cmVxdWlyZXMgPGxpdGVyYWw+b3B0aW9ucyBJTkVUNjwvbGl0ZXJhbD4uPC9w
 YXJhPgotICAgICAgPC9ub3RlPgorICAgICAgKDxhY3JvbnltPlFvUzwvYWNy
 b255bT4pIGZ1bmN0aW9uYWxpdHkuPC9wYXJhPgogCi0gICAgICA8cGFyYT5P
 bmNlIHRoZSBrZXJuZWwgbW9kdWxlIGlzIGxvYWRlZCBvciB0aGUga2VybmVs
 IGlzIHN0YXRpY2FsbHkKLQlidWlsdCB3aXRoIFBGIHN1cHBvcnQsIGl0IGlz
 IHBvc3NpYmxlIHRvIGVuYWJsZSBvciBkaXNhYmxlCi0JPGFwcGxpY2F0aW9u
 PnBmPC9hcHBsaWNhdGlvbj4gd2l0aCB0aGUgPGNvbW1hbmQ+cGZjdGw8L2Nv
 bW1hbmQ+Ci0JY29tbWFuZC48L3BhcmE+Ci0KLSAgICAgIDxwYXJhPlRoaXMg
 ZXhhbXBsZSBkZW1vbnN0cmF0ZXMgaG93IHRvIGVuYWJsZQotCTxhcHBsaWNh
 dGlvbj5wZjwvYXBwbGljYXRpb24+OjwvcGFyYT4KLQotICAgICAgPHNjcmVl
 bj4mcHJvbXB0LnJvb3Q7IDx1c2VyaW5wdXQ+cGZjdGwgLWU8L3VzZXJpbnB1
 dD48L3NjcmVlbj4KLQotICAgICAgPHBhcmE+VGhlIDxjb21tYW5kPnBmY3Rs
 PC9jb21tYW5kPiBjb21tYW5kIHByb3ZpZGVzIGEgd2F5IHRvIHdvcmsKLQl3
 aXRoIHRoZSA8YXBwbGljYXRpb24+cGY8L2FwcGxpY2F0aW9uPiBmaXJld2Fs
 bC4gSXQgaXMgYSBnb29kCi0JaWRlYSB0byBjaGVjayB0aGUgJm1hbi5wZmN0
 bC44OyBtYW51YWwgcGFnZSB0byBmaW5kIG91dCBtb3JlCi0JaW5mb3JtYXRp
 b24gYWJvdXQgdXNpbmcgaXQuPC9wYXJhPgorICAgIDxwYXJhPlRoZSBPcGVu
 QlNEIFByb2plY3QgZG9lcyBhbiBvdXRzdGFuZGluZyBqb2Igb2YKKyAgICAg
 IG1haW50YWluaW5nIHRoZSAKKyAgICAgIDx1bGluayB1cmw9Imh0dHA6Ly93
 d3cub3BlbmJzZC5vcmcvZmFxL3BmLyI+UEYgRkFRPC91bGluaz4uICAKKyAg
 ICAgIEFzIHN1Y2gsIHRoaXMgc2VjdGlvbiBvZiB0aGUgaGFuZGJvb2sgd2ls
 bCBmb2N1cyBvbiAgCisgICAgICA8YWNyb255bT5QRjwvYWNyb255bT4gYXMg
 aXQgcGVydGFpbnMgdG8gJm9zOyB3aGlsZSBwcm92aWRpbmcgCisgICAgICBz
 b21lIGdlbmVyYWwgaW5mb3JtYXRpb24gcmVnYXJkaW5nIHVzYWdlLiAgRm9y
 IGRldGFpbGVkIHVzYWdlIAorICAgICAgaW5mb3JtYXRpb24gcGxlYXNlIHJl
 ZmVyIHRvIHRoZSAKKyAgICAgIDx1bGluayB1cmw9Imh0dHA6Ly93d3cub3Bl
 bmJzZC5vcmcvZmFxL3BmLyI+UEYgRkFRPC91bGluaz4uICAgICAgCisgICAg
 ICA8L3BhcmE+CisKKyAgICA8cGFyYT5Nb3JlIGluZm9ybWF0aW9uIGFib3V0
 IDxhY3JvbnltPlBGPC9hY3JvbnltPiBmb3IgJm9zOyAKKyAgICAgIGNhbiBi
 ZSBmb3VuZCBhdCAKKyAgICAgIDx1bGluayB1cmw9Imh0dHA6Ly9wZjRmcmVl
 YnNkLmxvdmUycGFydHkubmV0LyI+PC91bGluaz4uPC9wYXJhPgorCisgICAg
 PHNlY3QyPgorICAgICAgPHRpdGxlPlVzaW5nIHRoZSBQRiBsb2FkYWJsZSBr
 ZXJuZWwgbW9kdWxlPC90aXRsZT4KKworICAgICAgPHBhcmE+U2luY2UgdGhl
 IHJlbGVhc2Ugb2YgJm9zOyA1LjMsIFBGIGhhcyBiZWVuIGluY2x1ZGVkIGlu
 IHRoZSAKKyAgICAgICAgYmFzaWMgaW5zdGFsbCBhcyBhIHNlcGFyYXRlIHJ1
 biB0aW1lIGxvYWRhYmxlIG1vZHVsZS4gIFRoZSAKKyAgICAgICAgc3lzdGVt
 IHdpbGwgZHluYW1pY2FsbHkgbG9hZCB0aGUgUEYga2VybmVsIG1vZHVsZSB3
 aGVuIHRoZSAKKyAgICAgICAgJm1hbi5yYy5jb25mLjU7IHN0YXRlbWVudCA8
 bGl0ZXJhbD5wZl9lbmFibGU9IllFUyI8L2xpdGVyYWw+IAorICAgICAgICBp
 cyBwcmVzZW50LiAgSG93ZXZlciwgdGhlIDxhY3JvbnltPlBGPC9hY3Jvbnlt
 PiBtb2R1bGUgd2lsbCAKKyAgICAgICAgbm90IGxvYWQgaWYgdGhlIHN5c3Rl
 bSBjYW5ub3QgZmluZCBhIDxhY3JvbnltPlBGPC9hY3JvbnltPiAKKyAgICAg
 ICAgcnVsZXNldCBjb25maWd1cmF0aW9uIGZpbGUuICBUaGUgZGVmYXVsdCBs
 b2NhdGlvbiBpcyAKKyAgICAgICAgPGZpbGVuYW1lPi9ldGMvcGYuY29uZjwv
 ZmlsZW5hbWU+LiAgSWYgeW91ciAKKyAgICAgICAgPGFjcm9ueW0+UEY8L2Fj
 cm9ueW0+IHJ1bGVzZXQgaXMgbG9jYXRlZCBzb21ld2hlcmUgZWxzZSB1c2Ug
 CisgICAgICAgIDxvcHRpb24+cGZfcnVsZXM9IjxyZXBsYWNlYWJsZT4vcGF0
 aC9wZi5ydWxlczwvcmVwbGFjZWFibGU+Ijwvb3B0aW9uPgorICAgICAgICB0
 byBzcGVjaWZ5IHRoZSBsb2NhdGlvbi48L3BhcmE+CisKKyAgICAgICAgPG5v
 dGU+CisgICAgICAgICAgPHBhcmE+QXMgb2YgJm9zOyA3LjAgdGhlIHNhbXBs
 ZSA8ZmlsZW5hbWU+cGYuY29uZjwvZmlsZW5hbWU+IHRoYXQgCisgICAgICAg
 ICAgICB3YXMgaW4gPGZpbGVuYW1lPi9ldGMvPC9maWxlbmFtZT4gaGFzIGJl
 ZW4gbW92ZWQgdG8gCisgICAgICAgICAgICA8ZmlsZW5hbWU+L3Vzci9zaGFy
 ZS9leGFtcGxlcy9wZi88L2ZpbGVuYW1lPi4gIEZvciAmb3M7IHZlcnNpb25z
 IAorICAgICAgICAgICAgcHJpb3IgdG8gNy4wIHRoZXJlIGlzIGFuIDxmaWxl
 bmFtZT4vZXRjL3BmLmNvbmY8L2ZpbGVuYW1lPiBieSAKKyAgICAgICAgICAg
 IGRlZmF1bHQuPC9wYXJhPgorICAgICAgICA8L25vdGU+CisKKyAgICAgIDxw
 YXJhPlRoZSA8YWNyb255bT5QRjwvYWNyb255bT4gbW9kdWxlIGNhbiBhbHNv
 IGJlIGxvYWRlZCBtYW51YWxseSAKKyAgICAgICAgZnJvbSB0aGUgY29tbWFu
 ZCBsaW5lOjwvcGFyYT4KKworICAgICAgPHNjcmVlbj4mcHJvbXB0LnJvb3Q7
 IDx1c2VyaW5wdXQ+a2xkbG9hZCBwZi5rbzwvdXNlcmlucHV0Pjwvc2NyZWVu
 PgorCisgICAgICA8cGFyYT5UaGUgbG9hZGFibGUgbW9kdWxlIHdhcyBjcmVh
 dGVkIHdpdGggJm1hbi5wZmxvZy40OyBlbmFibGVkIAorICAgICAgICAgd2hp
 Y2ggcHJvdmlkZXMgc3VwcG9ydCBmb3IgbG9nZ2luZy4gIElmIHlvdSBuZWVk
 IG90aGVyIAorICAgICAgICAgPGFjcm9ueW0+UEY8L2Fjcm9ueW0+IGZlYXR1
 cmVzIHlvdSB3aWxsIG5lZWQgdG8gY29tcGlsZSAKKyAgICAgICAgIDxhY3Jv
 bnltPlBGPC9hY3JvbnltPiBzdXBwb3J0IGludG8gdGhlIGtlcm5lbC48L3Bh
 cmE+ICAKICAgICA8L3NlY3QyPgogCiAgICAgPHNlY3QyPgotICAgICAgPHRp
 dGxlPktlcm5lbCBvcHRpb25zPC90aXRsZT4KKyAgICAgIDx0aXRsZT5QRiBr
 ZXJuZWwgb3B0aW9uczwvdGl0bGU+CiAKICAgICAgIDxpbmRleHRlcm0+CiAJ
 PHByaW1hcnk+a2VybmVsIG9wdGlvbnM8L3ByaW1hcnk+CkBAIC0yNjUsMjIg
 KzI4MSwyNyBAQAogCTxzZWNvbmRhcnk+ZGV2aWNlIHBmc3luYzwvc2Vjb25k
 YXJ5PgogICAgICAgPC9pbmRleHRlcm0+CiAKLSAgICAgIDxwYXJhPkl0IGlz
 IG5vdCBhIG1hbmRhdG9yeSByZXF1aXJlbWVudCB0aGF0IHlvdSBlbmFibGUg
 UEYgYnkKLQljb21waWxpbmcgdGhlIGZvbGxvd2luZyBvcHRpb25zIGludG8g
 dGhlICZvczsga2VybmVsLiAgSXQgaXMKLQlvbmx5IHByZXNlbnRlZCBoZXJl
 IGFzIGJhY2tncm91bmQgaW5mb3JtYXRpb24uICBDb21waWxpbmcgUEYKLQlp
 bnRvIHRoZSBrZXJuZWwgY2F1c2VzIHRoZSBsb2FkYWJsZSBtb2R1bGUgdG8g
 bmV2ZXIgYmUKLQl1c2VkLjwvcGFyYT4KLQotICAgICAgPHBhcmE+U2FtcGxl
 IGtlcm5lbCBjb25maWcgUEYgb3B0aW9uIHN0YXRlbWVudHMgYXJlIGluIHRo
 ZQotCTxmaWxlbmFtZT4vdXNyL3NyYy9zeXMvY29uZi9OT1RFUzwvZmlsZW5h
 bWU+IGtlcm5lbCBzb3VyY2UgYW5kCi0JYXJlIHJlcHJvZHVjZWQgaGVyZTo8
 L3BhcmE+CisgICAgICA8cGFyYT5XaGlsZSBpdCBpcyBub3QgbmVjZXNzYXJ5
 IHRoYXQgeW91IGNvbXBpbGUKKyAgICAgICAgPGFjcm9ueW0+UEY8L2Fjcm9u
 eW0+IHN1cHBvcnQgaW50byB0aGUgJm9zOyBrZXJuZWwsIHlvdSBtYXkgd2Fu
 dCAKKyAgICAgICAgdG8gZG8gc28gdG8gdGFrZSBhZHZhbnRhZ2Ugb2Ygb25l
 IG9mIFBGJ3MgYWR2YW5jZWQgZmVhdHVyZXMgdGhhdCAKKyAgICAgICAgaXMg
 bm90IGluY2x1ZGVkIGluIHRoZSBsb2FkYWJsZSBtb2R1bGUsIG5hbWVseSAm
 bWFuLnBmc3luYy40Oy4gIAorICAgICAgICBwZnN5bmMgaXMgYSBwc2V1ZG8t
 ZGV2aWNlIHRoYXQgZXhwb3NlcyBjZXJ0YWluIGNoYW5nZXMgdG8KKyAgICAg
 ICAgdGhlIHN0YXRlIHRhYmxlIHVzZWQgYnkgPGFjcm9ueW0+UEY8L2Fjcm9u
 eW0+LiAgcGZzeW5jIGNhbiBiZSAKKyAgICAgICAgcGFpcmVkIHdpdGggJm1h
 bi5jYXJwLjQ7IHRvIGNyZWF0ZSBmYWlsb3ZlciBmaXJld2FsbHMgdXNpbmcg
 CisgICAgICAgIDxhY3JvbnltPlBGPC9hY3JvbnltPi4gIE1vcmUgaW5mb3Jt
 YXRpb24gb24gCisgICAgICAgIDxhY3JvbnltPkNBUlA8L2Fjcm9ueW0+IGNh
 biBiZSBmb3VuZCBpbiAKKyAgICAgICAgPGxpbmsgbGlua2VuZD0iY2FycCI+
 Y2hhcHRlciAyOTwvbGluaz4gb2YgdGhlIGhhbmRib29rLjwvcGFyYT4KKwor
 ICAgICAgPHBhcmE+VGhlIDxhY3JvbnltPlBGPC9hY3JvbnltPiBrZXJuZWwg
 b3B0aW9ucyBjYW4gYmUgZm91bmQgaW4gCisJPGZpbGVuYW1lPi91c3Ivc3Jj
 L3N5cy9jb25mL05PVEVTPC9maWxlbmFtZT4gYW5kIGFyZSByZXByb2R1Y2Vk
 IAorICAgICAgICBiZWxvdzo8L3BhcmE+CiAKICAgICAgIDxwcm9ncmFtbGlz
 dGluZz5kZXZpY2UgcGYKIGRldmljZSBwZmxvZwogZGV2aWNlIHBmc3luYzwv
 cHJvZ3JhbWxpc3Rpbmc+CiAKICAgICAgIDxwYXJhPjxsaXRlcmFsPmRldmlj
 ZSBwZjwvbGl0ZXJhbD4gZW5hYmxlcyBzdXBwb3J0IGZvciB0aGUKLQk8cXVv
 dGU+UGFja2V0IEZpbHRlcjwvcXVvdGU+IGZpcmV3YWxsLjwvcGFyYT4KKwk8
 cXVvdGU+UGFja2V0IEZpbHRlcjwvcXVvdGU+IGZpcmV3YWxsICgmbWFuLnBm
 LjQ7KS48L3BhcmE+CiAKICAgICAgIDxwYXJhPjxsaXRlcmFsPmRldmljZSBw
 ZmxvZzwvbGl0ZXJhbD4gZW5hYmxlcyB0aGUgb3B0aW9uYWwKIAkmbWFuLnBm
 bG9nLjQ7IHBzZXVkbyBuZXR3b3JrIGRldmljZSB3aGljaCBjYW4gYmUgdXNl
 ZCB0byBsb2cKQEAgLTI4OCwyMSArMzA5LDE1IEBACiAJY2FuIGJlIHVzZWQg
 dG8gc3RvcmUgdGhlIGxvZ2dpbmcgaW5mb3JtYXRpb24gdG8gZGlzay48L3Bh
 cmE+CiAKICAgICAgIDxwYXJhPjxsaXRlcmFsPmRldmljZSBwZnN5bmM8L2xp
 dGVyYWw+IGVuYWJsZXMgdGhlIG9wdGlvbmFsCi0JJm1hbi5wZnN5bmMuNDsg
 cHNldWRvIG5ldHdvcmsgZGV2aWNlIHRoYXQgaXMgdXNlZCB0byBtb25pdG9y
 Ci0JPHF1b3RlPnN0YXRlIGNoYW5nZXM8L3F1b3RlPi4gIEFzIHRoaXMgaXMg
 bm90IHBhcnQgb2YgdGhlCi0JbG9hZGFibGUgbW9kdWxlIG9uZSBoYXMgdG8g
 YnVpbGQgYSBjdXN0b20ga2VybmVsIHRvIHVzZQotCWl0LjwvcGFyYT4KLQot
 ICAgICAgPHBhcmE+VGhlc2Ugc2V0dGluZ3Mgd2lsbCB0YWtlIGVmZmVjdCBv
 bmx5IGFmdGVyIHlvdSBoYXZlIGJ1aWx0Ci0JYW5kIGluc3RhbGxlZCBhIGtl
 cm5lbCB3aXRoIHRoZW0gc2V0LjwvcGFyYT4KKwkmbWFuLnBmc3luYy40OyBw
 c2V1ZG8tbmV0d29yayBkZXZpY2UgdGhhdCBpcyB1c2VkIHRvIG1vbml0b3IK
 Kwk8cXVvdGU+c3RhdGUgY2hhbmdlczwvcXVvdGU+LjwvcGFyYT4KICAgICA8
 L3NlY3QyPgogCiAgICAgPHNlY3QyPgogICAgICAgPHRpdGxlPkF2YWlsYWJs
 ZSByYy5jb25mIE9wdGlvbnM8L3RpdGxlPgogCi0gICAgICA8cGFyYT5Zb3Ug
 bmVlZCB0aGUgZm9sbG93aW5nIHN0YXRlbWVudHMgaW4KLQk8ZmlsZW5hbWU+
 L2V0Yy9yYy5jb25mPC9maWxlbmFtZT4gdG8gYWN0aXZhdGUgUEYgYXQgYm9v
 dAotCXRpbWU6PC9wYXJhPgorICAgICAgPHBhcmE+VGhlIGZvbGxvd2luZyAm
 bWFuLnJjLmNvbmYuNTsgc3RhdGVtZW50cyBjb25maWd1cmUKKwk8YWNyb255
 bT5QRjwvYWNyb255bT4gYW5kICZtYW4ucGZsb2cuNDsgYXQgYm9vdDo8L3Bh
 cmE+CiAKICAgICAgIDxwcm9ncmFtbGlzdGluZz5wZl9lbmFibGU9IllFUyIg
 ICAgICAgICAgICAgICAgICMgRW5hYmxlIFBGIChsb2FkIG1vZHVsZSBpZiBy
 ZXF1aXJlZCkKIHBmX3J1bGVzPSIvZXRjL3BmLmNvbmYiICAgICAgICAgIyBy
 dWxlcyBkZWZpbml0aW9uIGZpbGUgZm9yIHBmCkBAIC0zMTIsMjIgKzMyNywx
 MTAgQEAKIHBmbG9nX2ZsYWdzPSIiICAgICAgICAgICAgICAgICAgIyBhZGRp
 dGlvbmFsIGZsYWdzIGZvciBwZmxvZ2Qgc3RhcnR1cDwvcHJvZ3JhbWxpc3Rp
 bmc+CiAKICAgICAgIDxwYXJhPklmIHlvdSBoYXZlIGEgTEFOIGJlaGluZCB0
 aGlzIGZpcmV3YWxsIGFuZCBoYXZlIHRvIGZvcndhcmQKLQlwYWNrZXRzIGZv
 ciB0aGUgY29tcHV0ZXJzIGluIHRoZSBMQU4gb3Igd2FudCB0byBkbyBOQVQs
 IHlvdQotCWhhdmUgdG8gZW5hYmxlIHRoZSBmb2xsb3dpbmcgb3B0aW9uIGFz
 IHdlbGw6PC9wYXJhPgorCXBhY2tldHMgZm9yIHRoZSBjb21wdXRlcnMgb24g
 dGhlIExBTiBvciB3YW50IHRvIGRvIE5BVCwgeW91CisJd2lsbCBuZWVkIHRo
 ZSBmb2xsb3dpbmcgb3B0aW9uIGFzIHdlbGw6PC9wYXJhPgogCiAgICAgICA8
 cHJvZ3JhbWxpc3Rpbmc+Z2F0ZXdheV9lbmFibGU9IllFUyIgICAgICAgICAg
 ICAjIEVuYWJsZSBhcyBMQU4gZ2F0ZXdheTwvcHJvZ3JhbWxpc3Rpbmc+CiAg
 ICAgPC9zZWN0Mj4KIAogICAgIDxzZWN0Mj4KKyAgICAgIDx0aXRsZT5DcmVh
 dGluZyBGaWx0ZXJpbmcgUnVsZXM8L3RpdGxlPgorCisgICAgICA8cGFyYT48
 YWNyb255bT5QRjwvYWNyb255bT4gcmVhZHMgaXRzIGNvbmZpZ3VyYXRpb24g
 cnVsZXMgZnJvbSAKKyAgICAgICAgJm1hbi5wZi5jb25mLjU7ICg8ZmlsZW5h
 bWU+L2V0Yy9wZi5jb25mPC9maWxlbmFtZT4gYnkgCisgICAgICAgIGRlZmF1
 bHQpIGFuZCBpdCBtb2RpZmllcywgZHJvcHMsIG9yIHBhc3NlcyBwYWNrZXRz
 IGFjY29yZGluZyB0byAKKyAgICAgICAgdGhlIHJ1bGVzIG9yIGRlZmluaXRp
 b25zIHNwZWNpZmllZCB0aGVyZS4gIFRoZSAmb3M7IAorICAgICAgICBpbnN0
 YWxsYXRpb24gaW5jbHVkZXMgc2V2ZXJhbCBzYW1wbGUgZmlsZXMgbG9jYXRl
 ZCBpbiAKKyAgICAgICAgPGZpbGVuYW1lPi91c3Ivc2hhcmUvZXhhbXBsZXMv
 cGYvPC9maWxlbmFtZT4uICBQbGVhc2UgcmVmZXIgdG8gCisgICAgICAgIHRo
 ZSA8dWxpbmsgdXJsPSJodHRwOi8vd3d3Lm9wZW5ic2Qub3JnL2ZhcS9wZi8i
 PlBGIEZBUTwvdWxpbms+IAorICAgICAgICBmb3IgY29tcGxldGUgY292ZXJh
 Z2Ugb2YgPGFjcm9ueW0+UEY8L2Fjcm9ueW0+IHJ1bGVzZXRzLjwvcGFyYT4K
 KworICAgICAgPHdhcm5pbmc+CisJPHBhcmE+V2hlbiBicm93c2luZyB0aGUg
 PHVsaW5rIHVybD0iaHR0cDovL3d3dy5vcGVuYnNkLm9yZy9mYXEvcGYvIj5Q
 RiBGQVE8L3VsaW5rPiwgCisgICAgICAgICAgcGxlYXNlIGtlZXAgaW4gbWlu
 ZCB0aGF0IGRpZmZlcmVudCB2ZXJzaW9ucyBvZiAmb3M7IGNvbnRhaW4gCisg
 ICAgICAgICAgZGlmZmVyZW50IHZlcnNpb25zIG9mIFBGOjwvcGFyYT4KKwor
 ICAgICAgICA8aXRlbWl6ZWRsaXN0PgorICAgICAgICAgIDxsaXN0aXRlbT4K
 KyAgICAgICAgICAgIDxzaW1wYXJhPiZvczsgNS54IC0gPGFjcm9ueW0+UEY8
 L2Fjcm9ueW0+IGlzIGF0IE9wZW5CU0QgMy41PC9zaW1wYXJhPgorICAgICAg
 ICAgICAgPC9saXN0aXRlbT4KKworICAgICAgICAgIDxsaXN0aXRlbT4KKyAg
 ICAgICAgICAgIDxzaW1wYXJhPiZvczsgNi54IC0gPGFjcm9ueW0+UEY8L2Fj
 cm9ueW0+IGlzIGF0IE9wZW5CU0QgMy43PC9zaW1wYXJhPgorICAgICAgICAg
 ICAgPC9saXN0aXRlbT4KKworICAgICAgICAgIDxsaXN0aXRlbT4KKyAgICAg
 ICAgICAgIDxzaW1wYXJhPiZvczsgNy54IC0gPGFjcm9ueW0+UEY8L2Fjcm9u
 eW0+IGlzIGF0IE9wZW5CU0QgNC4xPC9zaW1wYXJhPgorICAgICAgICAgICAg
 PC9saXN0aXRlbT4KKyAgICAgICAgPC9pdGVtaXplZGxpc3Q+CisgICAgICA8
 L3dhcm5pbmc+CisKKyAgICAgIDxwYXJhPlRoZSAmYS5wZjsgaXMgYSBnb29k
 IHBsYWNlIHRvIGFzayBxdWVzdGlvbnMgYWJvdXQKKwljb25maWd1cmluZyBh
 bmQgcnVubmluZyB0aGUgPGFjcm9ueW0+UEY8L2Fjcm9ueW0+CisJZmlyZXdh
 bGwuICBEbyBub3QgZm9yZ2V0IHRvIGNoZWNrIHRoZSBtYWlsaW5nIGxpc3Qg
 YXJjaGl2ZXMKKwliZWZvcmUgYXNraW5nIHF1ZXN0aW9ucyE8L3BhcmE+Cisg
 ICAgPC9zZWN0Mj4KKworICAgIDxzZWN0Mj4KKyAgICAgIDx0aXRsZT5Xb3Jr
 aW5nIHdpdGggUEY8L3RpdGxlPgorCisgICAgICA8cGFyYT5Vc2UgJm1hbi5w
 ZmN0bC44OyB0byBjb250cm9sIDxhY3JvbnltPlBGPC9hY3JvbnltPi4gIEJl
 bG93IAorICAgICAgICBhcmUgc29tZSB1c2VmdWwgY29tbWFuZHMgKGJlIHN1
 cmUgdG8gcmV2aWV3IHRoZSAmbWFuLnBmY3RsLjg7IAorICAgICAgICBtYW4g
 cGFnZSBmb3IgYWxsIGF2YWlsYWJsZSBvcHRpb25zKToKKwk8L3BhcmE+CisK
 KyAgICAgICAgPGluZm9ybWFsdGFibGUgZnJhbWU9Im5vbmUiIHBnd2lkZT0i
 MSI+CisgICAgICAgICAgPHRncm91cCBjb2xzPSIyIj4KKyAgICAgICAgICAg
 IDx0aGVhZD4KKyAgICAgICAgICAgICAgPHJvdz4KKyAgICAgICAgICAgICAg
 ICA8ZW50cnk+Q29tbWFuZDwvZW50cnk+CisgICAgICAgICAgICAgICAgPGVu
 dHJ5PlB1cnBvc2U8L2VudHJ5PgorICAgICAgICAgICAgICA8L3Jvdz4KKyAg
 ICAgICAgICAgIDwvdGhlYWQ+CisKKyAgICAgICAgICAgIDx0Ym9keT4KKyAg
 ICAgICAgICAgICAgPHJvdz4KKyAgICAgICAgICAgICAgICA8ZW50cnk+PGNv
 bW1hbmQ+cGZjdGwgLWU8L2NvbW1hbmQ+PC9lbnRyeT4KKyAgICAgICAgICAg
 ICAgICA8ZW50cnk+RW5hYmxlIFBGPC9lbnRyeT4KKyAgICAgICAgICAgICAg
 PC9yb3c+CisKKyAgICAgICAgICAgICAgPHJvdz4KKyAgICAgICAgICAgICAg
 ICA8ZW50cnk+PGNvbW1hbmQ+cGZjdGwgLWQ8L2NvbW1hbmQ+PC9lbnRyeT4K
 KyAgICAgICAgICAgICAgICA8ZW50cnk+RGlzYWJsZSBQRjwvZW50cnk+Cisg
 ICAgICAgICAgICAgIDwvcm93PgorCisgICAgICAgICAgICAgIDxyb3c+Cisg
 ICAgICAgICAgICAgICAgPGVudHJ5Pjxjb21tYW5kPnBmY3RsIC1GIGFsbCAt
 ZiAvZXRjL3BmLmNvbmY8L2NvbW1hbmQ+PC9lbnRyeT4KKyAgICAgICAgICAg
 ICAgICA8ZW50cnk+Rmx1c2ggYWxsIHJ1bGVzIChuYXQsIGZpbHRlciwgc3Rh
 dGUsIHRhYmxlLCBldGMuKSBhbmQgcmVsb2FkIGZyb20gdGhlIGZpbGUgPGZp
 bGVuYW1lPi9ldGMvcGYuY29uZjwvZmlsZW5hbWU+PC9lbnRyeT4KKyAgICAg
 ICAgICAgICAgPC9yb3c+CisKKyAgICAgICAgICAgICAgPHJvdz4KKyAgICAg
 ICAgICAgICAgICA8ZW50cnk+PGNvbW1hbmQ+cGZjdGwgLXMgWyBydWxlcyB8
 IG5hdCB8IHN0YXRlIF08L2NvbW1hbmQ+PC9lbnRyeT4KKyAgICAgICAgICAg
 ICAgICA8ZW50cnk+UmVwb3J0IG9uIHRoZSAgZmlsdGVyIHJ1bGVzLCBuYXQg
 cnVsZXMsIG9yIHN0YXRlIHRhYmxlPC9lbnRyeT4KKyAgICAgICAgICAgICAg
 PC9yb3c+CisKKyAgICAgICAgICAgICAgPHJvdz4KKyAgICAgICAgICAgICAg
 ICA8ZW50cnk+PGNvbW1hbmQ+cGZjdGwgLXZuZiAvZXRjL3BmLmNvbmY8L2Nv
 bW1hbmQ+PC9lbnRyeT4KKyAgICAgICAgICAgICAgICA8ZW50cnk+Q2hlY2sg
 PGZpbGVuYW1lPi9ldGMvcGYuY29uZjwvZmlsZW5hbWU+IGZvciBlcnJvcnMs
 IGJ1dCBkbyBub3QgbG9hZCBydWxlc2V0PC9lbnRyeT4KKyAgICAgICAgICAg
 ICAgPC9yb3c+CisKKyAgICAgICAgICAgIDwvdGJvZHk+CisgICAgICAgICAg
 PC90Z3JvdXA+CisgICAgICAgIDwvaW5mb3JtYWx0YWJsZT4KKyAgICA8L3Nl
 Y3QyPgorCisgICAgPHNlY3QyPgogICAgICAgPHRpdGxlPkVuYWJsaW5nIDxh
 Y3JvbnltPkFMVFE8L2Fjcm9ueW0+PC90aXRsZT4KIAotICAgICAgPHBhcmE+
 PGFjcm9ueW0+QUxUUTwvYWNyb255bT4gaXMgb25seSBhdmFpbGFibGUgYnkg
 Y29tcGlsaW5nIHRoZQotCW9wdGlvbnMgaW50byB0aGUgJm9zOyBLZXJuZWwu
 ICA8YWNyb255bT5BTFRRPC9hY3JvbnltPiBpcyBub3QKLQlzdXBwb3J0ZWQg
 YnkgYWxsIG9mIHRoZSBhdmFpbGFibGUgbmV0d29yayBjYXJkIGRyaXZlcnMu
 CSBQbGVhc2UKLQlzZWUgdGhlICZtYW4uYWx0cS40OyBtYW51YWwgcGFnZSBm
 b3IgYSBsaXN0IG9mIGRyaXZlcnMgdGhhdCBhcmUKLQlzdXBwb3J0ZWQgaW4g
 eW91ciByZWxlYXNlIG9mICZvczsuICBUaGUgZm9sbG93aW5nIG9wdGlvbnMg
 d2lsbAotCWVuYWJsZSA8YWNyb255bT5BTFRRPC9hY3JvbnltPiBhbmQgYWRk
 IGFkZGl0aW9uYWwKLQlmdW5jdGlvbmFsaXR5LjwvcGFyYT4KKyAgICAgIDxw
 YXJhPjxhY3JvbnltPkFMVFE8L2Fjcm9ueW0+IGlzIG9ubHkgYXZhaWxhYmxl
 IGJ5IGNvbXBpbGluZyAKKyAgICAgICAgc3VwcG9ydCBmb3IgaXQgaW50byB0
 aGUgJm9zOyBrZXJuZWwuICA8YWNyb255bT5BTFRRPC9hY3JvbnltPiBpcyAK
 KyAgICAgICAgbm90IHN1cHBvcnRlZCBieSBhbGwgb2YgdGhlIGF2YWlsYWJs
 ZSBuZXR3b3JrIGNhcmQgZHJpdmVycy4JIAorICAgICAgICBQbGVhc2Ugc2Vl
 IHRoZSAmbWFuLmFsdHEuNDsgbWFudWFsIHBhZ2UgZm9yIGEgbGlzdCBvZiBk
 cml2ZXJzIAorICAgICAgICB0aGF0IGFyZSBzdXBwb3J0ZWQgaW4geW91ciBy
 ZWxlYXNlIG9mICZvczsuPC9wYXJhPgorCisgICAgICA8cGFyYT5UaGUgZm9s
 bG93aW5nIGtlcm5lbCBvcHRpb25zIHdpbGwgZW5hYmxlIAorICAgICAgICA8
 YWNyb255bT5BTFRRPC9hY3JvbnltPiBhbmQgYWRkIGFkZGl0aW9uYWwgZnVu
 Y3Rpb25hbGl0eToKKyAgICAgICAgPC9wYXJhPgogCiAgICAgICA8cHJvZ3Jh
 bWxpc3Rpbmc+b3B0aW9ucyAgICAgICAgIEFMVFEKIG9wdGlvbnMgICAgICAg
 ICBBTFRRX0NCUSAgICAgICAgIyBDbGFzcyBCYXNlcyBRdWV1aW5nIChDQlEp
 CkBAIC0zNzMsMzYgKzQ3Niw2IEBACiAJVGhpcyBvcHRpb24gaXMgcmVxdWly
 ZWQgb24gPGFjcm9ueW0+U01QPC9hY3JvbnltPgogCXN5c3RlbXMuPC9wYXJh
 PgogICAgIDwvc2VjdDI+Ci0KLSAgICA8c2VjdDI+Ci0gICAgICA8dGl0bGU+
 Q3JlYXRpbmcgRmlsdGVyaW5nIFJ1bGVzPC90aXRsZT4KLQotICAgICAgPHBh
 cmE+VGhlIFBhY2tldCBGaWx0ZXIgcmVhZHMgaXRzIGNvbmZpZ3VyYXRpb24g
 cnVsZXMgZnJvbSB0aGUKLQkmbWFuLnBmLmNvbmYuNTsgZmlsZSBhbmQgaXQg
 bW9kaWZpZXMsIGRyb3BzIG9yIHBhc3NlcyBwYWNrZXRzCi0JYWNjb3JkaW5n
 IHRvIHRoZSBydWxlcyBvciBkZWZpbml0aW9ucyBzcGVjaWZpZWQgdGhlcmUu
 ICBUaGUgJm9zOwotCWluc3RhbGxhdGlvbiBjb21lcyB3aXRoIGEgZGVmYXVs
 dAotCTxmaWxlbmFtZT4vZXRjL3BmLmNvbmY8L2ZpbGVuYW1lPiB3aGljaCBj
 b250YWlucyB1c2VmdWwgZXhhbXBsZXMKLQlhbmQgZXhwbGFuYXRpb25zLjwv
 cGFyYT4KLQotICAgICAgPHBhcmE+QWx0aG91Z2ggJm9zOyBoYXMgaXRzIG93
 biA8ZmlsZW5hbWU+L2V0Yy9wZi5jb25mPC9maWxlbmFtZT4KLQl0aGUgc3lu
 dGF4IGlzIHRoZSBzYW1lIGFzIG9uZSB1c2VkIGluIE9wZW5CU0QuICBBIGdy
 ZWF0Ci0JcmVzb3VyY2UgZm9yIGNvbmZpZ3VyaW5nIHRoZSA8YXBwbGljYXRp
 b24+cGY8L2FwcGxpY2F0aW9uPgotCWZpcmV3YWxsIGhhcyBiZWVuIHdyaXR0
 ZW4gYnkgT3BlbkJTRCB0ZWFtIGFuZCBpcyBhdmFpbGFibGUgYXQKLQk8dWxp
 bmsgdXJsPSJodHRwOi8vd3d3Lm9wZW5ic2Qub3JnL2ZhcS9wZi8iPjwvdWxp
 bms+LjwvcGFyYT4KLQotICAgICAgPHdhcm5pbmc+Ci0JPHBhcmE+V2hlbiBi
 cm93c2luZyB0aGUgcGYgdXNlcidzIGd1aWRlLCBwbGVhc2Uga2VlcCBpbiBt
 aW5kIHRoYXQKLSAgICAgZGlmZmVyZW50IHZlcnNpb25zIG9mICZvczsgY29u
 dGFpbiBkaWZmZXJlbnQgdmVyc2lvbnMgb2YgcGYuICBUaGUKLSAgICAgPGFw
 cGxpY2F0aW9uPnBmPC9hcHBsaWNhdGlvbj4gZmlyZXdhbGwgaW4gJm9zOyA1
 LlggaXMgYXQgdGhlIGxldmVsCi0gICAgIG9mIE9wZW5CU0QgdmVyc2lvbiAz
 LjUgYW5kIGluICZvczsgNi5YIGlzIGF0IHRoZSBsZXZlbCBvZiBPcGVuQlNE
 Ci0gICAgIHZlcnNpb24gMy43LjwvcGFyYT4KLSAgICAgIDwvd2FybmluZz4K
 LQotICAgICAgPHBhcmE+VGhlICZhLnBmOyBpcyBhIGdvb2QgcGxhY2UgdG8g
 YXNrIHF1ZXN0aW9ucyBhYm91dAotCWNvbmZpZ3VyaW5nIGFuZCBydW5uaW5n
 IHRoZSA8YXBwbGljYXRpb24+cGY8L2FwcGxpY2F0aW9uPgotCWZpcmV3YWxs
 LiAgRG8gbm90IGZvcmdldCB0byBjaGVjayB0aGUgbWFpbGluZyBsaXN0IGFy
 Y2hpdmVzCi0JYmVmb3JlIGFza2luZyBxdWVzdGlvbnMuPC9wYXJhPgotICAg
 IDwvc2VjdDI+CiAgIDwvc2VjdDE+CiAKICAgPHNlY3QxIGlkPSJmaXJld2Fs
 bHMtaXBmIj4K
 
 --0-2114477508-1207677800=:37890--
Responsible-Changed-From-To: freebsd-doc->gabor 
Responsible-Changed-By: gabor 
Responsible-Changed-When: Sun Jun 15 12:30:38 UTC 2008 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122351 
State-Changed-From-To: open->closed 
State-Changed-By: gabor 
State-Changed-When: Sun Jun 15 13:17:16 UTC 2008 
State-Changed-Why:  
Committed with slight changes, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=122351 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/122351: commit references a PR
Date: Sun, 15 Jun 2008 13:16:54 +0000 (UTC)

 gabor       2008-06-15 13:16:49 UTC
 
   FreeBSD doc repository
 
   Modified files:
     en_US.ISO8859-1/books/handbook/firewalls chapter.sgml 
   Log:
   - Reword and reorganize the PF subchapter to be clearer and easier to
     use. Mention the changed location of a configuration file in 7.0.
   
   PR:             docs/122351, docs/121321 (related)
   Submitted by:   John Ferrell <jdferrell3@yahoo.com>
   
   Revision  Changes    Path
   1.83      +182 -103  doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
