From: Laurence J. Lane Description: cleanup "allows to", triggered lintian grammar warning --- a/extensions/libipt_ECN.man +++ b/extensions/libipt_ECN.man @@ -1,4 +1,4 @@ -This target allows to selectively work around known ECN blackholes. +This target selectively works around known ECN blackholes. It can only be used in the mangle table. .TP \fB\-\-ecn\-tcp\-remove\fP --- a/extensions/libxt_AUDIT.man +++ b/extensions/libxt_AUDIT.man @@ -1,4 +1,4 @@ -This target allows to create audit records for packets hitting the target. +This target allows creates audit records for packets hitting the target. It can be used to record accepted, dropped, and rejected packets. See auditd(8) for additional details. .TP --- a/extensions/libxt_CHECKSUM.man +++ b/extensions/libxt_CHECKSUM.man @@ -1,4 +1,4 @@ -This target allows to selectively work around broken/old applications. +This target selectively works around broken/old applications. It can only be used in the mangle table. .TP \fB\-\-checksum\-fill\fP --- a/extensions/libxt_CT.man +++ b/extensions/libxt_CT.man @@ -1,4 +1,4 @@ -The CT target allows to set parameters for a packet or its associated +The CT target sets parameters for a packet or its associated connection. The target attaches a "template" connection tracking entry to the packet, which is then used by the conntrack core when initializing a new ct entry. This target is thus only valid in the "raw" table. --- a/extensions/libxt_DSCP.man +++ b/extensions/libxt_DSCP.man @@ -1,4 +1,4 @@ -This target allows to alter the value of the DSCP bits within the TOS +This target alters the value of the DSCP bits within the TOS header of the IPv4 packet. As this manipulates a packet, it can only be used in the mangle table. .TP --- a/extensions/libxt_TCPMSS.man +++ b/extensions/libxt_TCPMSS.man @@ -1,4 +1,4 @@ -This target allows to alter the MSS value of TCP SYN packets, to control +This target alters the MSS value of TCP SYN packets, to control the maximum size for that connection (usually limiting it to your outgoing interface's MTU minus 40 for IPv4 or 60 for IPv6, respectively). Of course, it can only be used --- a/extensions/libxt_osf.c +++ b/extensions/libxt_osf.c @@ -40,7 +40,7 @@ "--ttl level Use some TTL check extensions to determine OS:\n" " 0 true ip and fingerprint TTL comparison. Works for LAN.\n" " 1 check if ip TTL is less than fingerprint one. Works for global addresses.\n" - " 2 do not compare TTL at all. Allows to detect NMAP, but can produce false results.\n" + " 2 do not compare TTL at all. This allows NMAP detection, but can produce false results.\n" "--log level Log determined genres into dmesg even if they do not match desired one:\n" " 0 log all matched or unknown signatures.\n" " 1 log only first one.\n" --- a/iptables/iptables.8.in +++ b/iptables/iptables.8.in @@ -244,13 +244,13 @@ This option has no effect in iptables and iptables-restore. If a rule using the \fB\-4\fP option is inserted with (and only with) ip6tables-restore, it will be silently ignored. Any other uses will throw an -error. This option allows to put both IPv4 and IPv6 rules in a single rule file +error. This option allows IPv4 and IPv6 rules in a single rule file for use with both iptables-restore and ip6tables-restore. .TP \fB\-6\fP, \fB\-\-ipv6\fP If a rule using the \fB\-6\fP option is inserted with (and only with) iptables-restore, it will be silently ignored. Any other uses will throw an -error. This option allows to put both IPv4 and IPv6 rules in a single rule file +error. This option allows IPv4 and IPv6 rules in a single rule file for use with both iptables-restore and ip6tables-restore. This option has no effect in ip6tables and ip6tables-restore. .TP