author: Giggum <152240782+Giggum@users.noreply.github.com> 2024-01-05 22:40:42 -0500
committer: Giggum <152240782+Giggum@users.noreply.github.com> 2024-01-05 22:40:42 -0500
commit: 7132481c92e169348ac3f6750be8ce45c2f2b5dd (patch)
tree: 461b7a4ba764c83b1ae236e6c950e5e7dfe15456 /docs/configuration/firewall/index.rst
parent: e39d7d8990dd0f107b328258ecf67e3e4a1b179e (diff)
fix to add more fixes on top of previous pull request
Diffstat (limited to 'docs/configuration/firewall/index.rst')
-rw-r--r-- docs/configuration/firewall/index.rst | 35
1 file changed, 18 insertions, 17 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index bdfc2069..74d5bc20 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -4,26 +4,27 @@
Firewall
########
-With VyOS being based on top of Linux and its kernel, the Netfilter project
+As VyOS is based on Linux it leverages its firewall. The Netfilter project
created iptables and its successor nftables for the Linux kernel to
-work directly on the data flows. This now extends the concept of zone-based
-security to allow for manipulating the data at multiple stages once accepted
-by the network interface and the driver before being handed off to the
-destination (e.g., a web server OR another device).
+work directly on packet data flows. This now extends the concept of
+zone-based security to allow for manipulating the data at multiple stages once
+accepted by the network interface and the driver before being handed off to
+the destination (e.g., a web server OR another device).
-A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in
-order to have a full view and understanding of how packets are processed, and
-what possible paths traffic can take.
+A simplified traffic flow diagram, based on Netfilter packet flow, is shown
+next, in order to have a full view and understanding of how packets are
+processed, and what possible paths traffic can take.
.. figure:: /_static/images/firewall-gral-packet-flow.png
-Main points regarding this packet flow and terminology used in VyOS firewall are below:
+The main points regarding this packet flow and terminology used in VyOS
+firewall are covered below:
- * **Bridge Port?**: choose appropriate path based on whether interface where the
- packet was received is part of a bridge, or not.
+ * **Bridge Port?**: choose appropriate path based on whether interface
+ where the packet was received is part of a bridge, or not.
-If interface where the packet was received isn't part of a bridge, then packet
-is processed at the **IP Layer**:
+If the interface where the packet was received isn't part of a bridge, then
+packetis processed at the **IP Layer**:
* **Prerouting**: several actions can be done in this stage, and currently
these actions are defined in different parts in VyOS configuration. Order
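Review bot: the rewrapped line `+packetis processed at the **IP Layer**:` drops the space between "packet" and "is"; it should read `packet is processed at the **IP Layer**:`. The new opening sentence `+As VyOS is based on Linux it leverages its firewall.` also needs a comma after "Linux", and "its firewall" is ambiguous about whose firewall is meant; something like "As VyOS is based on Linux, it uses the Linux kernel's firewall." would read more clearly before the Netfilter sentence that follows.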
@@ -79,8 +80,8 @@ is processed at the **IP Layer**:
* **Source NAT**: rules defined under ``set [nat | nat66]
destination...``.
-If interface where the packet was received is part of a bridge, then packet
-is processed at the **Bridge Layer**, which contains a basic setup for
+If the interface where the packet was received is part of a bridge, then
+packetis processed at the **Bridge Layer**, which contains a basic setup for
bridge filtering:
* **Forward (Bridge)**: stage where traffic that is trespasing through the
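Review bot: the same missing space appears in `+packetis processed at the **Bridge Layer**, which contains a basic setup for`; it should be `packet is processed`. Since this hunk already touches the surrounding text, it would be worth fixing the unchanged context line "traffic that is trespasing through the" to "trespassing", and double-checking the context entry `**Source NAT**: rules defined under ``set [nat | nat66] destination...``` , where a Source NAT bullet pointing at a `destination` path looks like a copy-paste slip.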
@@ -88,7 +89,7 @@ bridge filtering:
* ``set firewall bridge forward filter ...``.
-Main structure VyOS firewall cli is shown next:
+The main structure VyOS firewall cli is shown next:
.. code-block:: none
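Review bot: `+The main structure VyOS firewall cli is shown next:` is still missing a preposition and an article; suggest "The main structure of the VyOS firewall CLI is shown next:" (the docs elsewhere capitalise CLI).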
@@ -134,7 +135,7 @@ Main structure VyOS firewall cli is shown next:
- custom_zone_name
+ ...
-Please, refer to appropiate section for more information about firewall
+Please, refer to appropriate section for more information about firewall
configuration:
.. toctree::
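Review bot: replacing `- custom_zone_name` with `+ ...` in the CLI structure block removes the only hint that the zone name is a user-chosen value; a labelled placeholder such as `<zone-name>` would keep that information while still avoiding an arbitrary name. In `+Please, refer to appropriate section for more information about firewall`, the spelling fix is good, but the stray comma and missing article remain: "Please refer to the appropriate section for more information about firewall configuration:".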