Bug 813385

Summary: Update document for clarity.
Product: Red Hat Enterprise Linux 5 Reporter: Jeff Palmer <jeff>
Component: doc-Installation_GuideAssignee: Petr Bokoc <pbokoc>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.8Keywords: Documentation
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-02 13:34:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Palmer 2012-04-17 15:50:20 UTC 
Description of problem:
On the following pages,  the documentation isn't accurate/clear

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/s1-kickstart2-options.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-options.html

Version-Release number of selected component (if applicable):

RHEL 5.x, 6.x


How reproducible:
N/A

Steps to Reproduce:
N/A
  
Actual results:
N/A

Expected results:
N/A

Additional info:
The "firewall" section of the kickstart page explains the use of the --trust option. However, the verbiage isn't clear.  It is TECHNICALLY accurate, but in practical real-world use, it's a bit ambiguous.

The current version is:
"--trust= — Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1."

The problem is,  "allows all traffic coming from that device to go through the firewall"
This phrasing makes it sound like all traffic coming from the device, and going out the interface is allowed. Giving the impression that it has no affect on incoming traffic for the device.

Suggestion:  Change the verbage to read something like: "allows all traffic from/to that interface."
Comment 1 Jack Reed 2013-03-21 02:21:01 UTC 
Hi Jeff,

Thanks for reporting this, and sorry for the delay in replying.

Would the following rewrite address the issue?

"Listing a device here, such as eth0, allows all traffic coming to and from that device to go through the firewall."

I haven't used 'interface' as I can't see a distinctive reason for doing so, but if you feel it should be included, let me know why and I'll edit accordingly.
Comment 2 Jeff Palmer 2013-03-21 02:48:25 UTC 
Jack,

Thanks for looking into this.  I know it's a trivial change. But I had to take the time to mockup and confirm the behavior,  and I assume others may need to as well.. So having the docs be a little more clear may help others too.

As for the rewrite, I think that phrasing should be more than sufficient. Thanks!
Comment 6 RHEL Program Management 2013-05-01 06:38:49 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.