[firewall-guide] master: Corrected some spelling errors. (4476328)

sclark at fedoraproject.org
Fri Jan 23 17:50:59 UTC 2015


Repository : http://git.fedorahosted.org/cgit/docs/firewall-guide.git

On branch  : master

>---------------------------------------------------------------

commit 447632875918bc6f19554016563176090314f0e0
Author: Simon Clark <simon.richard.clark at gmail.com>
Date:   Fri Jan 23 17:50:45 2015 +0000

    Corrected some spelling errors.


>---------------------------------------------------------------

 en-US/Using_Firewalls.xml |   77 ++++++++++++++++++++-------------------------
 1 files changed, 34 insertions(+), 43 deletions(-)

diff --git a/en-US/Using_Firewalls.xml b/en-US/Using_Firewalls.xml
index 3bef0ab..35e0a2d 100644
--- a/en-US/Using_Firewalls.xml
+++ b/en-US/Using_Firewalls.xml
@@ -1,68 +1,59 @@
-<?xml version='1.0' encoding='utf-8' ?>
+<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "firewall-guide.ent">
 ]>
-
 <chapter id="chapt-Documentation-Firewall_Guide-Using_Firewalls">
-<title>Using Firewalls</title>
-<section id="sec-Introduction_to_firewalld">
-<title>Introduction to firewalld</title>
-<para>
+  <title>Using Firewalls</title>
+  <section id="sec-Introduction_to_firewalld">
+    <title>Introduction to firewalld</title>
+    <para>
 The dynamic firewall daemon <systemitem class="daemon">firewalld</systemitem> provides a dynamically managed firewall with support for network zones to assign a level of trust to a network and its associated connections and interfaces. It has support for <systemitem class="protocol">IPv4</systemitem> and <systemitem class="protocol">IPv6</systemitem> firewall settings. It supports Ethernet bridges and has a separation of runtime and permanent configuration options. It also has an interface for services or applications to add firewall rules directly.
 </para>
-</section>
-
-<section id="sec-Understanding_firewalld">
-  <title>Understanding firewalld</title>
-  <para>
+    <para>
+	The firewall daemon manages the firewall dynamically, which means that it can apply changes without restarting the whole firewall. Therefore there is no need to reload all firewall kernel modules for every change. However, using a firewall daemon requires that all firewall modifications are done with that daemon to make sure that the state in the daemon and the firewall in kernel are in sync. The firewall daemon can not parse firewall rules added by the  <application>iptables</application> and <application>ebtables</application> command line tools. 
+</para>
+    <para>
+	The daemon provides information about the current active firewall settings via <application>D-BUS</application> and also accepts changes via <application>D-BUS</application> using <application>PolicyKit</application> authentication methods. 
+</para>
+  </section>
+  <section id="sec-Understanding_firewalld">
+    <title>Understanding firewalld</title>
+    <para>
     A graphical configuration tool, <application>firewall-config</application>, is used to configure <systemitem class="daemon">firewalld</systemitem>, which in turn uses <application>iptables tool</application> to communicate with <application>Netfilter</application> in the kernel which implements packet filtering.</para>
-     <para>
+    <para>
        To use the graphical <application>firewall-config</application> tool, press the super key and start typing <command>firewall</command>. The firewall icon will appear. Press enter once it is highlighted. The <application>firewall-config</application> tool appears. You will be prompted for your user password. <remark>Tested on Fedora 19 </remark>     </para>
-             <para>
+    <para>
     The <application>firewall-config</application> tool has drop a down selection menu labeled <guilabel>Current View</guilabel>. This enables selecting between <guibutton>Runtime Configuration</guibutton> and <guibutton>Permanent Configuration</guibutton> mode. Notice that if you select <guibutton>Permanent Configuration</guibutton>, an <guibutton>Edit Services</guibutton> button appears on the right hand side of the <guilabel>Services</guilabel> tab and an <guibutton>Edit ICMP Types</guibutton> button appears on the right hand side of the <guilabel>ICMP Filter</guilabel> tab. The reason these buttons only appear in permanent configuration mode is that runtime changes are limited to enabling or disabling a service. You cannot change a service's parameters in run time mode.
   </para>
-
-  <para>
+    <para>
 The firewall service provided by <systemitem class="daemon">firewalld</systemitem> is dynamic rather than static because changes to the configuration can be made at anytime and are immediately implemented, there is no need to save or apply the changes. No unintended disruption of existing network connections occurs as no part of the firewall has to be reloaded.</para>
-  <para>
+    <para>
     There is also an applet, <application>firewall-applet</application>, which can be used to quickly launch the <application>NetworkManager</application> configuration tab for the network connection in use. From the <guilabel>General</guilabel> tab changes to the assigned firewall zone can be made. This applet is not installed by default in &PRODUCT;. <remark>this may change</remark></para>
-  <para>
+    <para>
 A command line client, <application>firewall-cmd</application>, is provided. It can be used to make permanent and non-permanent run-time changes as explained in <filename>man firewall-cmd(1)</filename>. Permanent changes need to be made as explained in <filename>man firewalld(1)</filename>.
   </para>
-  <para>
+    <para>
      The configuration for <systemitem class="daemon">firewalld</systemitem> is stored in various XML files in <filename>/usr/lib/firewalld/</filename> and <filename>/etc/firewalld/</filename>. This allows a great deal of flexibility as the files can be edited, written to, backed up, used as templates for other installations and so on.
    </para>
-   <para>
+    <para>
 Other applications can communicate with <systemitem class="daemon">firewalld</systemitem> using D-bus. <remark>Where can users find more info about this?</remark>
    </para>
-
-</section>
-
-<section id="sec-Comparison_of_Firewalld_to_system-config-firewall">
-  <title>Comparison of Firewalld to system-config-firewall and iptables</title>
-  <para>
+  </section>
+  <section id="sec-Comparison_of_Firewalld_to_system-config-firewall">
+    <title>Comparison of Firewalld to system-config-firewall and iptables</title>
+    <para>
     The essential differences between <systemitem class="daemon">firewalld</systemitem> and the <application>iptables service</application>
  are:
-    <itemizedlist>
-      <listitem>
-      <para>
-        The <application>iptables service</application> stores configuration in <filename>/etc/sysconfig/iptables</filename> while <systemitem class="daemon">firewalld</systemitem> stores it in various XML files in <filename class='directory'>/usr/lib/firewalld/</filename> and <filename class='directory'>/etc/firewalld/</filename>. Note that the <filename>/etc/sysconfig/iptables</filename> file does not exist as <systemitem class="daemon">firewalld</systemitem> is installed be default on &PRODUCT;.
-      </para>
-    </listitem>
-    <listitem>
-     <para>
+    <itemizedlist><listitem><para>
+        The <application>iptables service</application> stores configuration in <filename>/etc/sysconfig/iptables</filename> while <systemitem class="daemon">firewalld</systemitem> stores it in various XML files in <filename class="directory">/usr/lib/firewalld/</filename> and <filename class="directory">/etc/firewalld/</filename>. Note that the <filename>/etc/sysconfig/iptables</filename> file does not exist as <systemitem class="daemon">firewalld</systemitem> is installed by default on &PRODUCT;.
+      </para></listitem><listitem><para>
     With the <application>iptables service</application>, every single change means flushing all the old rules and reading all the new rules from <filename>/etc/sysconfig/iptables</filename> while with <systemitem class="daemon">firewalld</systemitem> there is no re-creating of all the rules; only the differences are applied. Consequently, <systemitem class="daemon">firewalld</systemitem> can change the settings during run time without existing connections being lost.
-  </para>
-</listitem>
-    </itemizedlist>
+  </para></listitem></itemizedlist>
 Both use <application>iptables tool</application> to talk to the kernel packet filter.
 </para>
-<!--<para>
+    <!--<para>
   <remark>Insert diagram from Jiri Popelka showing the hierarchy of applications above the kernel packet filter that go to make up the firewall implementation</remark>
 </para> -->
-</section>
-
-
-
-    
- <!--Topics, Reference-->
+  </section>
+  <!--Topics, Reference-->
 </chapter>
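
Review bot: The added <!ENTITY % BOOK_ENTITIES SYSTEM "firewall-guide.ent"> line in the DOCTYPE internal subset only declares the parameter entity. Without a %BOOK_ENTITIES; reference after it, firewall-guide.ent is never pulled in, so the &PRODUCT; references in the firewall-applet paragraph and in the first list item stay undefined for any parser that relies on this DOCTYPE; add the %BOOK_ENTITIES; line directly after the declaration. Separately, the commit message describes spelling corrections, but the only spelling fix visible here is "be default" to "by default". The hunk also adds two new paragraphs to sec-Introduction_to_firewalld, reindents the file and collapses the itemizedlist markup onto shared lines, which would be easier to review as separate commits with a message that mentions the new content. The new paragraphs write "D-BUS" while the unchanged paragraph in sec-Understanding_firewalld writes "D-bus"; settle on one spelling. The unchanged line "has drop a down selection menu" is still wrong and could be fixed in the same pass.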


