Description of problem:
On the following pages, the documentation isn't accurate/clear
Version-Release number of selected component (if applicable):
RHEL 5.x, 6.x
Steps to Reproduce:
The "firewall" section of the kickstart page explains the use of the --trust option. However, the verbiage isn't clear. It is TECHNICALLY accurate, but in practical real-world use, it's a bit ambiguous.
The current version is:
"--trust= — Listing a device here, such as eth0, allows all traffic coming from that device to go through the firewall. To list more than one device, use --trust eth0 --trust eth1. Do NOT use a comma-separated format such as --trust eth0, eth1."
The problem is, "allows all traffic coming from that device to go through the firewall"
This phrasing makes it sound like all traffic coming from the device, and going out the interface is allowed. Giving the impression that it has no affect on incoming traffic for the device.
Suggestion: Change the verbage to read something like: "allows all traffic from/to that interface."
Thanks for reporting this, and sorry for the delay in replying.
Would the following rewrite address the issue?
"Listing a device here, such as eth0, allows all traffic coming to and from that device to go through the firewall."
I haven't used 'interface' as I can't see a distinctive reason for doing so, but if you feel it should be included, let me know why and I'll edit accordingly.
Thanks for looking into this. I know it's a trivial change. But I had to take the time to mockup and confirm the behavior, and I assume others may need to as well.. So having the docs be a little more clear may help others too.
As for the rewrite, I think that phrasing should be more than sufficient. Thanks!
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.
Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.