Subversion Repositories svn LFS-FR

Compare Revisions

Ignore whitespace Rev 7189 → Rev 7190

/trunk/blfs/fr/postlfs/security/firewalling.po
6,14 → 6,14
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2016-09-25 17:34+0200\n"
"POT-Creation-Date: 2016-10-23 22:30+0200\n"
"PO-Revision-Date: 2016-10-15 08:45+0000\n"
"Last-Translator: roptat <roptat@lepiller.eu>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Language: fr\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
"X-Generator: Pootle 2.7\n"
"X-POOTLE-MTIME: 1476521155.695916\n"
20,9 → 20,6
 
#. type: Content of: <sect1><sect1info>
#: blfs-en/postlfs/security/firewalling.xml:12
#| msgid ""
#| "<othername>$LastChangedBy: fernando $</othername> <date>$Date: 2014-08-10 "
#| "20:18:14 +0200 (Sun, 10 Aug 2014) $</date>"
msgid ""
"<othername>$LastChangedBy: dj $</othername> <date>$Date: 2016-06-05 07:57:10"
" +0200 (Sun, 05 Jun 2016) $</date>"
293,12 → 290,6
 
#. type: Content of: <sect1><sect2><para>
#: blfs-en/postlfs/security/firewalling.xml:150
#| msgid ""
#| "the firewall will be restarted just as it is upon system startup. The "
#| "status target will present a list of all currently implemented rules. The "
#| "clear target turns off all firewall rules and the lock target will block all"
#| " packets in and out of the computer with the exception of the loopback "
#| "interface."
msgid ""
"the firewall will be restarted just as it is upon system startup. The status"
" target will present a list of all currently implemented rules. The clear "
306,8 → 297,8
"packets in and out of the computer with the exception of the loopback "
"interface."
msgstr ""
"le pare-feu sera redémarré comme s'il s'agissait du démarrage du système. La "
"cible status présentera une liste de toutes les règles actuellement "
"le pare-feu sera redémarré comme s'il s'agissait du démarrage du système. La"
" cible status présentera une liste de toutes les règles actuellement "
"implémentées. La cible clear désactive toutes les règles de pare-feu et la "
"cible lock bloquera tous les paquets entrant et sortant sur l'ordinateur "
"sauf l'interface loopback."
325,10 → 316,6
 
#. type: Content of: <sect1><sect2><para>
#: blfs-en/postlfs/security/firewalling.xml:160
#| msgid ""
#| "The main startup firewall is located in the file "
#| "<filename>/etc/rc.d/rc.iptables</filename>. The sections below provide three"
#| " different approaches that can be used for a system."
msgid ""
"The main startup firewall is located in the file "
"<filename>/etc/systemd/scripts/iptables</filename>. The sections below "
540,82 → 527,6
#. type: Content of: <sect1><sect2><sect3><screen>
#: blfs-en/postlfs/security/firewalling.xml:261
#, no-wrap
#| msgid ""
#| "<userinput>cat &gt; /etc/rc.d/rc.iptables &lt;&lt; \"EOF\"\n"
#| "<literal>#!/bin/sh\n"
#| "\n"
#| "# Begin rc.iptables\n"
#| "\n"
#| "# Insert connection-tracking modules\n"
#| "# (not needed if built into the kernel)\n"
#| "modprobe nf_conntrack\n"
#| "modprobe xt_LOG\n"
#| "\n"
#| "# Enable broadcast echo Protection\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n"
#| "\n"
#| "# Disable Source Routed Packets\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/all/accept_source_route\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/default/accept_source_route\n"
#| "\n"
#| "# Enable TCP SYN Cookie Protection\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/tcp_syncookies\n"
#| "\n"
#| "# Disable ICMP Redirect Acceptance\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/default/accept_redirects\n"
#| "\n"
#| "# Do not send Redirect Messages\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/all/send_redirects\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/default/send_redirects\n"
#| "\n"
#| "# Drop Spoofed Packets coming in on an interface, where responses\n"
#| "# would result in the reply going out a different interface.\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/conf/all/rp_filter\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/conf/default/rp_filter\n"
#| "\n"
#| "# Log packets with impossible addresses.\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/conf/all/log_martians\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/conf/default/log_martians\n"
#| "\n"
#| "# be verbose on dynamic ip-addresses (not needed in case of static IP)\n"
#| "echo 2 &gt; /proc/sys/net/ipv4/ip_dynaddr\n"
#| "\n"
#| "# disable Explicit Congestion Notification\n"
#| "# too many routers are still ignorant\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/tcp_ecn\n"
#| "\n"
#| "# Set a known state\n"
#| "iptables -P INPUT DROP\n"
#| "iptables -P FORWARD DROP\n"
#| "iptables -P OUTPUT DROP\n"
#| "\n"
#| "# These lines are here in case rules are already in place and the\n"
#| "# script is ever rerun on the fly. We want to remove all rules and\n"
#| "# pre-existing user defined chains before we implement new rules.\n"
#| "iptables -F\n"
#| "iptables -X\n"
#| "iptables -Z\n"
#| "\n"
#| "iptables -t nat -F\n"
#| "\n"
#| "# Allow local-only connections\n"
#| "iptables -A INPUT -i lo -j ACCEPT\n"
#| "\n"
#| "# Free output on any interface to any ip for any service\n"
#| "# (equal to -P ACCEPT)\n"
#| "iptables -A OUTPUT -j ACCEPT\n"
#| "\n"
#| "# Permit answers on already established connections\n"
#| "# and permit new connections related to established ones\n"
#| "# (e.g. port mode ftp)\n"
#| "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
#| "\n"
#| "# Log everything else. What's Windows' latest exploitable vulnerability?\n"
#| "iptables -A INPUT -j LOG --log-prefix \"FIREWALL:INPUT \"\n"
#| "\n"
#| "# End $rc_base/rc.iptables</literal>\n"
#| "EOF\n"
#| "chmod 700 /etc/rc.d/rc.iptables</userinput>"
msgid ""
"<userinput>install -v -dm755 /etc/systemd/scripts\n"
"\n"
1025,97 → 936,6
#. type: Content of: <sect1><sect2><sect3><screen>
#: blfs-en/postlfs/security/firewalling.xml:460
#, no-wrap
#| msgid ""
#| "<userinput>cat &gt; /etc/rc.d/rc.iptables &lt;&lt; \"EOF\"\n"
#| "<literal>#!/bin/sh\n"
#| "\n"
#| "# Begin rc.iptables\n"
#| "\n"
#| "echo\n"
#| "echo \"You're using the example configuration for a setup of a firewall\"\n"
#| "echo \"from Beyond Linux From Scratch.\"\n"
#| "echo \"This example is far from being complete, it is only meant\"\n"
#| "echo \"to be a reference.\"\n"
#| "echo \"Firewall security is a complex issue, that exceeds the scope\"\n"
#| "echo \"of the configuration rules below.\"\n"
#| "echo \"You can find additional information\"\n"
#| "echo \"about firewalls in Chapter 4 of the BLFS book.\"\n"
#| "echo \"http://www.&lfs-domainname;/blfs\"\n"
#| "echo\n"
#| "\n"
#| "# Insert iptables modules (not needed if built into the kernel).\n"
#| "\n"
#| "modprobe nf_conntrack\n"
#| "modprobe nf_conntrack_ftp\n"
#| "modprobe xt_conntrack\n"
#| "modprobe xt_LOG\n"
#| "modprobe xt_state\n"
#| "\n"
#| "# Enable broadcast echo Protection\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n"
#| "\n"
#| "# Disable Source Routed Packets\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/all/accept_source_route\n"
#| "\n"
#| "# Enable TCP SYN Cookie Protection\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/tcp_syncookies\n"
#| "\n"
#| "# Disable ICMP Redirect Acceptance\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/all/accept_redirects\n"
#| "\n"
#| "# Don't send Redirect Messages\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/conf/default/send_redirects\n"
#| "\n"
#| "# Drop Spoofed Packets coming in on an interface where responses\n"
#| "# would result in the reply going out a different interface.\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/conf/default/rp_filter\n"
#| "\n"
#| "# Log packets with impossible addresses.\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/conf/all/log_martians\n"
#| "\n"
#| "# Be verbose on dynamic ip-addresses (not needed in case of static IP)\n"
#| "echo 2 &gt; /proc/sys/net/ipv4/ip_dynaddr\n"
#| "\n"
#| "# Disable Explicit Congestion Notification\n"
#| "# Too many routers are still ignorant\n"
#| "echo 0 &gt; /proc/sys/net/ipv4/tcp_ecn\n"
#| "\n"
#| "# Set a known state\n"
#| "iptables -P INPUT DROP\n"
#| "iptables -P FORWARD DROP\n"
#| "iptables -P OUTPUT DROP\n"
#| "\n"
#| "# These lines are here in case rules are already in place and the\n"
#| "# script is ever rerun on the fly. We want to remove all rules and\n"
#| "# pre-existing user defined chains before we implement new rules.\n"
#| "iptables -F\n"
#| "iptables -X\n"
#| "iptables -Z\n"
#| "\n"
#| "iptables -t nat -F\n"
#| "\n"
#| "# Allow local connections\n"
#| "iptables -A INPUT -i lo -j ACCEPT\n"
#| "iptables -A OUTPUT -o lo -j ACCEPT\n"
#| "\n"
#| "# Allow forwarding if the initiated on the intranet\n"
#| "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
#| "iptables -A FORWARD ! -i ppp+ -m conntrack --ctstate NEW -j ACCEPT\n"
#| "\n"
#| "# Do masquerading\n"
#| "# (not needed if intranet is not using private ip-addresses)\n"
#| "iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE\n"
#| "\n"
#| "# Log everything for debugging\n"
#| "# (last of all rules, but before policy rules)\n"
#| "iptables -A INPUT -j LOG --log-prefix \"FIREWALL:INPUT \"\n"
#| "iptables -A FORWARD -j LOG --log-prefix \"FIREWALL:FORWARD \"\n"
#| "iptables -A OUTPUT -j LOG --log-prefix \"FIREWALL:OUTPUT \"\n"
#| "\n"
#| "# Enable IP Forwarding\n"
#| "echo 1 &gt; /proc/sys/net/ipv4/ip_forward</literal>\n"
#| "EOF\n"
#| "chmod 700 /etc/rc.d/rc.iptables</userinput>"
msgid ""
"<userinput>install -v -dm755 /etc/systemd/scripts\n"
"\n"