Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 574546 Details for
Bug 809159
[PATCHES] F17 release notes proofreading
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
make firewalld less developer-centric, proofread and add some examples
0001-make-firewalld-less-developer-centric-proofread-and-.patch (text/plain), 7.02 KB, created by
T.C. Hollingsworth
on 2012-04-02 15:59:21 UTC
(
hide
)
Description:
make firewalld less developer-centric, proofread and add some examples
Filename:
MIME Type:
Creator:
T.C. Hollingsworth
Created:
2012-04-02 15:59:21 UTC
Size:
7.02 KB
patch
obsolete
>From 84b387005d799394b708c4c02f7e703630745d48 Mon Sep 17 00:00:00 2001 >From: "T.C. Hollingsworth" <tchollingsworth@gmail.com> >Date: Mon, 2 Apr 2012 08:55:39 -0700 >Subject: [PATCH] make firewalld less developer-centric, proofread and add > some examples > >--- > en-US/Security.xml | 79 ++++++++++++++++++++++++---------------------------- > 1 file changed, 37 insertions(+), 42 deletions(-) > >diff --git a/en-US/Security.xml b/en-US/Security.xml >index 87e6c6f..bc82303 100644 >--- a/en-US/Security.xml >+++ b/en-US/Security.xml >@@ -64,32 +64,31 @@ > With Fedora 15 the dynamic firewall with > <application>firewalld</application> was introduced with the > proof of concept implementation in Python as an optional >- component. The purpose of this feature request is to make >- <application>firewalld</application> the default firewall >- solution for Fedora 17. >+ component. <application>firewalld</application> is now the default >+ firewall solution for Fedora 17. > </para> > <para> > The dynamic firewall mode with >- <application>firewalld</application> will make it possible to >+ <application>firewalld</application> makes it possible to > change firewall settings without the need to restart the > firewall and will make persistent connections possible. This >- is for example very useful for services, that need to add >- additional firewall rules. <application>libvirtd</application> >- is one of them and also <application>openvpn</application> in >- the future. With the static firewall model these rules are lost >- if the firewall gets modified or restarted. The firewall daemon >+ is, for example, very useful for services that need to add >+ additional firewall rules, like <application>libvirtd</application> >+ and also <application>openvpn</application> in >+ the future. With the static firewall model, these rules were lost >+ when the firewall was modified or restarted. The firewall daemon > holds the current configuration internally and is able to > modify the firewall without the need to recreate the complete > firewall configuration; it is also able to restore the >- configuration in a service restart and reload case. Another use >+ configuration when a service is restarted or reloaded. Another use > case for the dynamic firewall mode is printer discovery. For this >- the discovery program will be started locally that sends out a >+ a discovery program will be started locally that sends out a > broadcast message. It will most likely get an answer from an >- unknown address (the new printer). This answer will be filtered >- by the firewall, because the answer is not related to the >- broadcast and the port of the program that was sending out the >- message is dynamic and therefore a fixed rule can not be created >- for this. With the dynamic firewall mode a time limited rule >+ unknown address (the new printer). This answer would normally be >+ filtered by the firewall, because the answer is not related to the >+ broadcast and the port of the program that was sending out the >+ message is dynamic. Therefore, a fixed rule can not be created >+ for this. With the dynamic firewall mode, a time limited rule > could be requested by the discovery program to allow the receival > of the answer. > </para> >@@ -99,13 +98,7 @@ > <para> > The <application>iptables</application> and > <application>ip6tables</application> services will not be >- enabled by default anymore. The required changes in the >- init scripts are >- simple. <application>system-config-firewall</application> >- will not be installed by default anymore, but >- <application>firewalld</application> with the user land >- tools will be installed by default. The needed changes in >- comps are simple. >+ enabled by default anymore. > </para> > </important> > </para> >@@ -118,58 +111,60 @@ > <application>gnome printer settings</application>. > </para> > <para> >- An explicit transition is planned after Fedora 18 with dropping >+ An explicit transition is planned after Fedora 18, dropping > support for the static firewall with system-config-firewal/lokkit. > A migration from the static firewall model will be needed then. > </para> > <itemizedlist mark='bullet'> >- <title>How to test</title> >+ <title>Using <application>firewalld</application> from the command >+ line</title> > <listitem> > <para> >- Install <application>firewalld</application> and >- <application>firewall-applet</application> >- </para> >- </listitem> >- <listitem> >- <para> >- Start the <application>firewalld</application> service >+ Use firewall-cmd to enable, for example, >+ <application>ssh</application>: >+<screen> >+# firewall-cmd --add --service=ssh >+</screen> > </para> > </listitem> > <listitem> > <para> >- Start the tray applet >- <application>firewall-applet</application> >+ Enable <application>samba</application> for 10 seconds: >+<screen> >+# firewall-cmd --add --service=samba --timeout=10 >+</screen> > </para> > </listitem> > <listitem> > <para> >- Use firewall-cmd to enable for example ssh: >+ Enable <application>ipp-client</application>: > <screen> >-# firewall-cmd --add --service=ssh >+# firewall-cmd --add --service=ipp-client > </screen> > </para> > </listitem> > <listitem> > <para> >- Enable <application>samba</application> for 10 seconds: >+ Disable <application>ipp-client</application>: > <screen> >-# firewall-cmd --add --service=samba --timeout=10 >+# firewall-cmd --remove --service=ipp-client > </screen> > </para> > </listitem> > <listitem> > <para> >- Enable <application>ipp-client</application>: >+ Enable a range of ports (5900-5920 over TCP in this >+ example): > <screen> >-# firewall-cmd --add --service=ipp-client >+# firewall-cmd --add --port=5900-5920:tcp > </screen> > </para> > </listitem> > <listitem> > <para> >- Disable <application>ipp-client</application>: >+ Disable a specific port (8080 in this example): > <screen> >-# firewall-cmd --remove --service=ipp-client >+# firewall-cmd --remove --port=8080:tcp > </screen> > </para> > </listitem> >-- >1.7.9.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 809159
: 574546 |
574552
|
574553
|
574554
|
574556