Bug 1288691
Summary: | MIscellaneous errors in Security Guide | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Kwan Lowe <kwan> | ||||
Component: | doc-Security_Guide | Assignee: | Robert Krátký <rkratky> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | ecs-bugs | ||||
Severity: | low | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 7.3 | CC: | rhel-docs | ||||
Target Milestone: | rc | Keywords: | Documentation | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-01-07 12:26:08 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Kwan Lowe
2015-12-05 03:32:57 UTC
(In reply to Kwan Lowe from comment #0) Kwan, thank you for taking the time to report these issues. I corrected the mistakes, improved legibility, and added a number of other fixes as well. Some comments below: > 4.5.3.6.3 > The example command is not working as expected. If I understand correctly, > the --direct option should query the underlying iptables. > > If I run the example (firewall-cmd --direct --get-rules ipv4 filter > IN_public_allow) nothing is returned. If I understand the documentation > correcty, it should return output at least similar to that from: iptables > --table filter --list IN_public_allow > > Example: > > [root@vm-centos7-001 ~]# firewall-cmd --direct --get-rules ipv4 filter > IN_public_allow > [root@vm-centos7-001 ~]# iptables --table filter --list IN_public_allow > Chain IN_public_allow (1 references) > target prot opt source destination > ACCEPT tcp -- anywhere anywhere tcp dpt:ssh > ctstate NEW > > I'm not certain if this is a documentation bug or one with the firewall-cmd. This was a mistake in the documentation. I added an explanation: "Note that this command (the --get-rules option) only lists rules previously added using the --add-rule option. It does not list existing iptables rules added by other means." > 4.5.3.7.1 > This is a bit of a nit-pick, but since the examples are partially BNF, using > full BNF might be appropriate. Also, the "seconds" is not absolutely > correct as timeout can be specified in seconds, minutes or hours (s,m,h). > For clarity, it might be better to give a specific example with an > explanation. > > OLD: > firewall-cmd [--zone=zone] --add-rich-rule='rule' [--timeout=seconds] > > NEW: > firewall-cmd [--zone=<zone>] --add-rich-rule='rule' [--timeout=<timeval>] The documentation uses DocBook as its source format, which (mostly) follows EBNF -- therefore, angle brackets ('<>') are not used. Instead, cursive is used to denote a replaceable value. The updated guide is live on the portal. |