https://bugzilla.redhat.com/show_bug.cgi?id=1198984
Bug ID: 1198984
Summary: firewalld: please improve documentation on using it on
a RedHat/Fedora/CentOS router
Product: Fedora Documentation
Version: devel
Component: cookbook
Assignee: docs(a)lists.fedoraproject.org
Reporter: razvan.sandu(a)mobexpert.ro
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org
Hello,
Description of problem:
Even using the rich-language feature, it is still rather difficult to figure out
how to use firewalld on a RedHat/Fedora/CentOS system that is used as a router
(a "transparent" system).
That's because:
a. Administrators will need *different* sets of rules/restrictions for access
to the router itself and to the various services that run beyond the router
(using or not using NAT).
b. It is not very clear how/where the predefined firewalld zones implement
their policies (ACCEPT or DROP) and when these policies apply to traffic
bound *to* the router system or to traffic that *traverses* the router.
For example, an administrator needs an *easy* method to restrict VNC access
*to* the router itself (INPUT), but may want free VNC access to some server
located *behind* the router (FORWARD). In the second case, forwarding may (or
may not) imply NAT, depending on whether he goes on the Internet via the external
interface or simply goes in another LAN segment beyond the router.
c. It is not very clear how/where the predefined firewalld zones implement
their traffic rules (*exceptions* to ACCEPT or DROP default policies) and when
these rules apply to traffic bound *to* the router system or to traffic that
*traverses* the router.
Additional info:
Even though it is not dynamic, the Shorewall application (http://shorewall.net/) acts
as a higher-level language over iptables, offering the same concepts of "zones"
for interfaces. Much of its conceptual architecture is directly applicable
("portable") to firewalld, if accepted by developers.
Somewhat different from a conceptual point of view, the "zones" are "levels of
trust surrounding the router", including the FW zone for the router itself.
(unlike firewalld, the shorewall zones have no "sources" or "services" embedded
in them).
IPv4 and IPv6 zones are completely separated (they actually represent different
levels of trust).
Administrators may directly define policies, i.e. allow *default* actions to be
done when a packet travels from one zone to another (ACCEPT, REJECT). The most
sane policy between any two zones is REJECT (with further exceptions defined as
rules, see below).
Rules are *exceptions to policies*, explicitly defined (based on various
criteria such as source IP, destination IP, ports, etc.)
Rules may be expressed via predefined (or customised) "macros" (which are the
direct equivalent of firewalld's "services").
IPv4 and IPv6 policy and rules are completely separated (IMHO that's good,
since the use of global IPv6 addresses poses completely different security
problems than NATted & externally firewalled IPv4).
Best regards,
Răzvan
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=755744
Summary: typo in PV-Configuring_Additional_Devices
Product: Fedora Documentation
Version: devel
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: virtualization-guide
AssignedTo: docs(a)lists.fedoraproject.org
ReportedBy: shaiton(a)fedoraproject.org
QAContact: nobody(a)fedoraproject.org
CC: kwade(a)redhat.com, oglesbyzm(a)gmail.com
Classification: Fedora
Story Points: ---
Type: ---
From the file available in transifex,
Now you can configure the new network interfaces using
<command>redhat-config-network</command> or Red Hat Enterprise Linux3 or
<command>system-config-network</command> on Red Hat Enterprise Linux 4 and Red
Hat Enterprise Linux 5.
that should be "on" Red Hat.
I could have corrected that now that I have git access, but this git is still
for F14… There were plenty of updates about virt since F14, is it outdated?
http://fedoraproject.org/wiki/Docs_Project_meetings#Guides
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1095977
Bug ID: 1095977
Summary: RFE: static IP assignment
Product: Fedora Documentation
Version: devel
Component: cookbook
Assignee: docs(a)lists.fedoraproject.org
Reporter: me(a)petetravis.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org
Static IP addresses are crucial for applications like DHCP servers or other
infrastructure that can't rely on external assignment. They're also helpful for
home users that want to predictably locate their Fedora installation.
Explain the use case for this and some alternative methods, then the procedure
for setting a static IP using both ifcfg files and graphical methods.
Each method could be explained in a separate article; i.e. "... on the command
line" and "... with GNOME" and "... with KDE" and so on.
https://bugzilla.redhat.com/show_bug.cgi?id=1101798
Bug ID: 1101798
Summary: RFE: Captive portal
Product: Fedora Documentation
Version: devel
Component: cookbook
Assignee: docs(a)lists.fedoraproject.org
Reporter: me(a)petetravis.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org
Create a recipe for configuring a simple captive portal with Fedora that will
require users to acknowledge a terms of use message before allowing connections
to pass.
https://bugzilla.redhat.com/show_bug.cgi?id=1101796
Bug ID: 1101796
Summary: RFE: NAT router
Product: Fedora Documentation
Version: devel
Component: cookbook
Assignee: docs(a)lists.fedoraproject.org
Reporter: me(a)petetravis.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org
Create a recipe for using Fedora as a NAT router using Firewalld and
NetworkManager.
https://bugzilla.redhat.com/show_bug.cgi?id=1096394
Bug ID: 1096394
Summary: RFE: Thin Client (Tracking Bug)
Product: Fedora Documentation
Version: devel
Component: cookbook
Assignee: docs(a)lists.fedoraproject.org
Reporter: me(a)petetravis.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org
Fedora can be used as a server and client environment for a thin client
deployment. Document the required procedures to do this.
Because of the broad scope and number of procedures involved, this should be
split up into recipes addressing component tasks. This bug will be used to
track the overall progress; please block this bug with any new bugs created for
the purpose.
https://bugzilla.redhat.com/show_bug.cgi?id=1095945
Bug ID: 1095945
Summary: RFE: disabling head parking on spinning drives
Product: Fedora Documentation
Version: devel
Component: cookbook
Assignee: docs(a)lists.fedoraproject.org
Reporter: me(a)petetravis.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org
Some drives have aggressive APM, and the resulting frequent head parking can
negatively impact access latency and produce an annoying clicking sound.
Explain the theory, benefits, procedure, and risks of adjusting APM settings
with hdparm.
https://bugzilla.redhat.com/show_bug.cgi?id=693536
Summary: How to increase the number of configured loop devices
Product: Fedora Documentation
Version: devel
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: virtualization-guide
AssignedTo: fedora-docs-list(a)redhat.com
ReportedBy: apevec(a)redhat.com
QAContact: nobody(a)fedoraproject.org
CC: stickster(a)gmail.com, kwade(a)redhat.com,
oglesbyzm(a)gmail.com
Classification: Fedora
Story Points: ---
Description of problem:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualization_Guide/sec…
Number of loop devices cannot be changed via modprobe.conf since loop is not a
kernel module anymore:
# grep DEV_LOOP /boot/config-2.6.34.8-68.fc13.x86_64
CONFIG_BLK_DEV_LOOP=y
https://bugzilla.redhat.com/show_bug.cgi?id=1198643
Bug ID: 1198643
Summary: Append parameters to grub.cfg
Product: Fedora Documentation
Version: devel
Component: virtualization-guide
Assignee: docs(a)lists.fedoraproject.org
Reporter: geanceretta(a)gmail.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: docs(a)lists.fedoraproject.org, lnovich(a)redhat.com,
zach(a)oglesby.co
Description of problem: The instructions[1] on how to append parameters to
Grub's grub.config file are obsolete on recent releases of Fedora. The file
/boot/grub/grub.conf doesn't exist anymore.
The way to do it now is (tested on Fedora 20):
1 - Edit /etc/default/grub
2 - Append information at the line GRUB_CMDLINE_LINUX=" ... console=tty0
console=ttyS0,115200 ... "
3 - Regenerate the /boot/grub2/grub.cfg file with the command "grub2-mkconfig
-o /boot/grub2/grub.cfg"
Link:
[1]
http://docs.fedoraproject.org/en-US/Fedora/18/html/Virtualization_Administr…
Additional info: The documentation refers to version 18, where it should
work, but as we don't have documentation in a more current release of Fedora
for that subject, you can write a note for the users of more recent releases of
Fedora that come with Grub2, where the procedure is as listed
above.
--
Greetings.
I know there are plans in progress to replace the fedoraproject docs, but
the current process was:
Someone pulls docs git repo from fedorahosted
Someone runs publican and pushes out the completed stuff to git repo.
We sync that git repo and push it out to our proxies.
However, fedorahosted.org is now retired.
So, what do we want to do here?
* Set up a pagure repo that has the same data as the fedorahosted one
did and use that until we replace it.
* Just don't worry about it now, and try and get a replacement pipeline
in place.
* Something else.
kevin