From Fedora Project Wiki

No edit summary
Line 43: Line 43:
  Error: Nothing to do
  Error: Nothing to do
  [root@fc17 ~]#
  [root@fc17 ~]#
: I fully agree with above. We just had a debate about this in irc. How this page hops directly into details without describing what zones are, how those are related to services and interfaces and how those should be used. After skimming this page through I still don't know and thus cannot apply the details from this page when don't have the big-picture what I'm doing. Same with the provided GUI, it just lists those but zone-concept still remains unclear. That with security is not a very good starting point. Note that I maintain multiple iptables based systems and have history from Cisco, Enterasys, CheckPoint FW1, Stonesoft firewall and many other network security systems. I would change that main article myself if I knew what I would be writing. But I don't, so I wont. Pushing this into production release without introducting people into it wasn't that smart after all. [[User:Tuju|Tuju]] ([[User talk:Tuju|talk]]) 12:08, 2 February 2013 (UTC)

Revision as of 12:08, 2 February 2013

Documentation by Example

Forgive my potential ignorance here - but perhapas the documentation needs to be approaced from the point of view of guiding the first time user: Imagine, if you will - I have just installed my first copy of Fedora. I install a network service. I find it doesn't work. I find it has a firewall. I find it has firewalld. I come here to see how to allow my service. I spend 30 minutes reading and am no closer to an answer. I even sign up to come post here. Most experienced sysadmins would have uninstalled and chucked away firewalld by now. I, have, however, not.

My point is this: It is paramount to have documentation by example. Long tedious explanations of how things work and why is meaningless. Most people just need a list of examples, find the right example - and use it. Or have the whole process automated in the first place.

If I could find the answer, I would post it here. But I haven't. Perhaps theres a forum somewhere where I can go become part of a community and get this to work. But I don't have the time or patience for that right now - a pity, yes.

I can't find a way to configure this firewall. In short, I want to add Synergys support: iptables -I INPUT -p tcp --dport 24800 -j ACCEPT

Here are my attempts:

 706  yum install system-config-firewall
 707  system-config-firewall
 708  yum install firewall-config
 710  yum remove system-config-firewall
 711  firewall-cmd 
 712  firewall-cmd STATUS
 713  firewall-cmd --state
 714  firewall-cmd --port=24800/tcp --service=synergys
 715  firewall-cmd --passthrough --port=24800/tcp --service=synergys
 717  firewall-cmd --state
 718  firewall-cmd --query
 719  firewall-cmd --disable
 720  firewall-cmd --panic
 721  man firewall-cmd 
 722  history | grep firew

No help whatsoever. So I just run the iptables command - but how long will it work? Do it put it in rc.d? ...

What have I learnt: Yes, s-c-firewall is incompatible with firewalld. firewall-config doesnt exist. Can't find it. --service commandline option isn't a comment field.

[root@fc17 ~]# yum install firewalld-config
Loaded plugins: langpacks, presto, refresh-packagekit
No package firewalld-config available.
Error: Nothing to do
[root@fc17 ~]# yum install firewall-config
Loaded plugins: langpacks, presto, refresh-packagekit
No package firewall-config available.
Error: Nothing to do
[root@fc17 ~]#


I fully agree with above. We just had a debate about this in irc. How this page hops directly into details without describing what zones are, how those are related to services and interfaces and how those should be used. After skimming this page through I still don't know and thus cannot apply the details from this page when don't have the big-picture what I'm doing. Same with the provided GUI, it just lists those but zone-concept still remains unclear. That with security is not a very good starting point. Note that I maintain multiple iptables based systems and have history from Cisco, Enterasys, CheckPoint FW1, Stonesoft firewall and many other network security systems. I would change that main article myself if I knew what I would be writing. But I don't, so I wont. Pushing this into production release without introducting people into it wasn't that smart after all. Tuju (talk) 12:08, 2 February 2013 (UTC)