|
 |
136e2c |
From 89ca8f9c06a5252581b4428d8f53a3e5167a4c2d Mon Sep 17 00:00:00 2001
|
|
|
136e2c |
From: Eric Garver <eric@garver.life>
|
|
|
136e2c |
Date: Tue, 20 Aug 2019 09:01:17 -0400
|
|
|
136e2c |
Subject: [PATCH] doc: add --default-config and --system-config
|
|
|
136e2c |
|
|
|
136e2c |
They were already in the --help output of commands, but now they'll be
|
|
|
136e2c |
in the man page. These option are heavily used by the testsuite, but may
|
|
|
136e2c |
be useful to users as well.
|
|
|
136e2c |
|
|
|
136e2c |
Fixes: rhbz 1740074
|
|
|
136e2c |
(cherry picked from commit d48c6f7800114b88f8abe0799b32b9f94fa82790)
|
|
|
136e2c |
---
|
|
|
136e2c |
doc/xml/firewall-offline-cmd.xml | 30 ++++++++++++++++++++++++++++--
|
|
|
136e2c |
doc/xml/firewalld.xml.in | 26 +++++++++++++++++++++++---
|
|
|
136e2c |
2 files changed, 51 insertions(+), 5 deletions(-)
|
|
|
136e2c |
|
|
|
136e2c |
diff --git a/doc/xml/firewall-offline-cmd.xml b/doc/xml/firewall-offline-cmd.xml
|
|
|
136e2c |
index d66f45abb753..aeaf3dc0ebd5 100644
|
|
|
136e2c |
--- a/doc/xml/firewall-offline-cmd.xml
|
|
|
136e2c |
+++ b/doc/xml/firewall-offline-cmd.xml
|
|
|
136e2c |
@@ -110,6 +110,27 @@
|
|
|
136e2c |
</para>
|
|
|
136e2c |
</listitem>
|
|
|
136e2c |
</varlistentry>
|
|
|
136e2c |
+
|
|
|
136e2c |
+ <varlistentry>
|
|
|
136e2c |
+ <term><option>--default-config</option></term>
|
|
|
136e2c |
+ <listitem>
|
|
|
136e2c |
+ <para>
|
|
|
136e2c |
+ Path to firewalld default configuration. This usually defaults to
|
|
|
136e2c |
+ <filename class="directory">/usr/lib/firewalld</filename>.
|
|
|
136e2c |
+ </para>
|
|
|
136e2c |
+ </listitem>
|
|
|
136e2c |
+ </varlistentry>
|
|
|
136e2c |
+
|
|
|
136e2c |
+ <varlistentry>
|
|
|
136e2c |
+ <term><option>--system-config</option></term>
|
|
|
136e2c |
+ <listitem>
|
|
|
136e2c |
+ <para>
|
|
|
136e2c |
+ Path to firewalld system (user) configuration. This usually defaults
|
|
|
136e2c |
+ to <filename class="directory">/etc/firewalld</filename>.
|
|
|
136e2c |
+ </para>
|
|
|
136e2c |
+ </listitem>
|
|
|
136e2c |
+ </varlistentry>
|
|
|
136e2c |
+
|
|
|
136e2c |
</variablelist>
|
|
|
136e2c |
</refsect2>
|
|
|
136e2c |
|
|
|
136e2c |
@@ -138,8 +159,13 @@
|
|
|
136e2c |
<term><option>--check-config</option></term>
|
|
|
136e2c |
<listitem>
|
|
|
136e2c |
<para>
|
|
|
136e2c |
- Run checks on the permanent configuration. This includes XML validity
|
|
|
136e2c |
- and semantics.
|
|
|
136e2c |
+ Run checks on the permanent (default and system) configuration. This
|
|
|
136e2c |
+ includes XML validity and semantics.
|
|
|
136e2c |
+ </para>
|
|
|
136e2c |
+ <para>
|
|
|
136e2c |
+ This is may be used with <option>--system-config</option> to check
|
|
|
136e2c |
+ the validity of handwritten configuration files before copying them
|
|
|
136e2c |
+ to the standard location.
|
|
|
136e2c |
</para>
|
|
|
136e2c |
</listitem>
|
|
|
136e2c |
</varlistentry>
|
|
|
136e2c |
diff --git a/doc/xml/firewalld.xml.in b/doc/xml/firewalld.xml.in
|
|
|
136e2c |
index de8020591cd1..c076d4b55738 100644
|
|
|
136e2c |
--- a/doc/xml/firewalld.xml.in
|
|
|
136e2c |
+++ b/doc/xml/firewalld.xml.in
|
|
|
136e2c |
@@ -76,6 +76,16 @@
|
|
|
136e2c |
</listitem>
|
|
|
136e2c |
</varlistentry>
|
|
|
136e2c |
|
|
|
136e2c |
+ <varlistentry>
|
|
|
136e2c |
+ <term><option>--default-config</option></term>
|
|
|
136e2c |
+ <listitem>
|
|
|
136e2c |
+ <para>
|
|
|
136e2c |
+ Path to firewalld default configuration. This usually defaults to
|
|
|
136e2c |
+ <filename class="directory">/usr/lib/firewalld</filename>.
|
|
|
136e2c |
+ </para>
|
|
|
136e2c |
+ </listitem>
|
|
|
136e2c |
+ </varlistentry>
|
|
|
136e2c |
+
|
|
|
136e2c |
<varlistentry>
|
|
|
136e2c |
<term><option>--debug</option><optional>=<replaceable>level</replaceable></optional></term>
|
|
|
136e2c |
<listitem>
|
|
|
136e2c |
@@ -111,6 +121,16 @@
|
|
|
136e2c |
</para>
|
|
|
136e2c |
</listitem>
|
|
|
136e2c |
</varlistentry>
|
|
|
136e2c |
+
|
|
|
136e2c |
+ <varlistentry>
|
|
|
136e2c |
+ <term><option>--system-config</option></term>
|
|
|
136e2c |
+ <listitem>
|
|
|
136e2c |
+ <para>
|
|
|
136e2c |
+ Path to firewalld system (user) configuration. This usually defaults
|
|
|
136e2c |
+ to <filename class="directory">/etc/firewalld</filename>.
|
|
|
136e2c |
+ </para>
|
|
|
136e2c |
+ </listitem>
|
|
|
136e2c |
+ </varlistentry>
|
|
|
136e2c |
</variablelist>
|
|
|
136e2c |
</refsect1>
|
|
|
136e2c |
|
|
|
136e2c |
@@ -120,7 +140,7 @@
|
|
|
136e2c |
firewalld has a D-Bus interface for firewall configuration of services and applications. It also has a command line client for the user. Services or applications already using D-Bus can request changes to the firewall with the D-Bus interface directly. For more information on the firewalld D-Bus interface, please have a look at <citerefentry><refentrytitle>firewalld.dbus</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
|
|
136e2c |
</para>
|
|
|
136e2c |
<para>
|
|
|
136e2c |
- firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in <filename class="directory">/usr/lib/firewalld</filename> or <filename class="directory">/etc/firewalld</filename> (see <xref linkend="directories"/>).
|
|
|
136e2c |
+ firewalld provides support for zones, predefined services and ICMP types and has a separation of runtime and permanent configuration options. Permanent configuration is loaded from XML files in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>) or <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>) (see <xref linkend="directories"/>).
|
|
|
136e2c |
</para>
|
|
|
136e2c |
<para>
|
|
|
136e2c |
If NetworkManager is not in use and firewalld gets started after the network is already up, the connections and manually created interfaces are not bound to the zone specified in the ifcfg file.
|
|
|
136e2c |
@@ -190,7 +210,7 @@
|
|
|
136e2c |
</para>
|
|
|
136e2c |
|
|
|
136e2c |
<refsect2>
|
|
|
136e2c |
- <title>Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename></title>
|
|
|
136e2c |
+ <title>Default/Fallback configuration in <filename class="directory">/usr/lib/firewalld</filename> (<option>--default-config</option>)</title>
|
|
|
136e2c |
|
|
|
136e2c |
<para>
|
|
|
136e2c |
This directory contains the default and fallback configuration provided by firewalld for icmptypes, services and zones. The files provided with the firewalld package should not get changed and the changes are gone with an update of the firewalld package. Additional <option>icmptypes</option>, <option>services</option> and <option>zones</option> can be provided with packages or by creating files.
|
|
|
136e2c |
@@ -198,7 +218,7 @@
|
|
|
136e2c |
</refsect2>
|
|
|
136e2c |
|
|
|
136e2c |
<refsect2>
|
|
|
136e2c |
- <title>System configuration settings in <filename class="directory">/etc/firewalld</filename></title>
|
|
|
136e2c |
+ <title>System configuration settings in <filename class="directory">/etc/firewalld</filename> (<option>--system-config</option>)</title>
|
|
|
136e2c |
|
|
|
136e2c |
<para>
|
|
|
136e2c |
The system or user configuration stored here is either created by the system administrator or by customization with the configuration interface of firewalld or by hand. The files will overload the default configuration files.
|
|
|
136e2c |
--
|
|
|
136e2c |
2.20.1
|
|
|
136e2c |
|