From 1ff3e3d4a43f065af4e9c8733c532fe82e985f32 Mon Sep 17 00:00:00 2001
From: Eric "Sparks" Christensen <sparks@fedoraproject.org>
Date: Jun 04 2013 13:46:08 +0000
Subject: Merge branch 'f19' of ssh://git.fedorahosted.org/git/securityguide into f19


---

diff --git a/en-US/Using_Firewalls.xml b/en-US/Using_Firewalls.xml
index b4dd4f6..25f550a 100644
--- a/en-US/Using_Firewalls.xml
+++ b/en-US/Using_Firewalls.xml
@@ -308,8 +308,8 @@ running</screen>
         <para>
       To start the graphical firewall configuration tool using the command line, enter the following command as root user:
       <screen>~]# <command>firewall-config</command></screen>
-      The <guilabel>Firewall Configuration</guilabel> window opens. Note, this command can be run as normal user but you will then be prompted for the root password from time to time.<remark>CHECKME: Need to check if its user or root password on RHEL7</remark> 
-      <remark>FIXME Make screenshot of GUI config tool and insert here </remark>
+      The <guilabel>Firewall Configuration</guilabel> window opens. Note, this command can be run as normal user but you will then be prompted for the root password from time to time.<!-- CHECKME: Need to check if its user or root password on RHEL7
+     FIXME Make screenshot of GUI config tool and insert here -->
     </para>
     <para>
       Look for the word Connected in the lower left corner. This indicates that the <application>firewall-config</application> tool is connected to the user space daemon, <systemitem class="daemon">firewalld</systemitem>.
@@ -361,7 +361,7 @@ running</screen>
     <section id="sec-Open_Ports_in_the_firewall">
       <title>Open Ports in the firewall</title>
     <para>
-      To permit traffic through the firewall to a certain port, start the <application>firewall-config</application> tool and select the network zone whose settings you want to change. Select the <guilabel>Ports</guilabel> tab and the click the <guibutton>Add</guibutton> button on the right hand side. The <guilabel>Port and Protocol</guilabel> window opens.<remark>FIXME Screen shot of the window with protocol dropdown open.</remark>
+      To permit traffic through the firewall to a certain port, start the <application>firewall-config</application> tool and select the network zone whose settings you want to change. Select the <guilabel>Ports</guilabel> tab and the click the <guibutton>Add</guibutton> button on the right hand side. The <guilabel>Port and Protocol</guilabel> window opens.<!-- FIXME Screen shot of the window with protocol dropdown open. -->
     </para> 
       <para>
         Enter the port number or range of ports to permit. Select <guilabel>tcp</guilabel> or <guilabel>udp</guilabel> from the drop down list.
@@ -417,7 +417,7 @@ running</screen>
     </para>
     <note>
       <para>
-        In order to make a command permanent or persistent, add the <option>--permanent</option> option to all commands apart from the <option>--direct</option> commands (which are by their nature temporary). Note that this not only means the change will be permanent but that the change will only take effect after firewall reload, service restart, or after system reboot. Settings made with <application>firewall-cmd</application> without the <option>--permanent</option> option take effect immediately, but are only valid till next firewall reload, system boot, or <systemitem class="daemon">firewalld</systemitem> service restart. Reloading the firewall does not in itself break connections, but be aware you are discarding temporary changes by doing so. <remark>FIXME: I will have to add a note to every section about adding --permanent as our instruction topics are supposed to be self contained.</remark>
+        In order to make a command permanent or persistent, add the <option>--permanent</option> option to all commands apart from the <option>--direct</option> commands (which are by their nature temporary). Note that this not only means the change will be permanent but that the change will only take effect after firewall reload, service restart, or after system reboot. Settings made with <application>firewall-cmd</application> without the <option>--permanent</option> option take effect immediately, but are only valid till next firewall reload, system boot, or <systemitem class="daemon">firewalld</systemitem> service restart. Reloading the firewall does not in itself break connections, but be aware you are discarding temporary changes by doing so. <!-- FIXME: I will have to add a note to every section about adding -permanent as our instruction topics are supposed to be self contained. -->
       </para>
     </note>
   </section>
@@ -473,11 +473,11 @@ This will list the names of the services in <filename>/usr/lib/firewalld/service
 
 <section id="sec-View_the_firewall_settings_using_NM_CLI">
   <title>View the firewall settings using nmcli</title>
-<para>
+<!-- <para>
    To find out all active zones with the interfaces assigned to them, enter the following command as root:
-   <screen>~]# <command><remark>FIXME: need nmcli command here equivilent to </remark>  --get-active-zones</command>
+   <screen>~]# <command><remark>FIXME: need nmcli command here equivilent to </remark>  -get-active-zones</command>
 public: em1</screen>
-</para>
+</para> -->
 
 <para>
    To get a list of all the interfaces and actions assigned to a zone, enter the following command: