Update firewalld-beginners.md (punctuation, wording, ...) #1276
1 punctuation, 2. short guide on the subject 3. single for, ...
Hi @gannazhyrnova,
@EzequielBruni take a look at some of the suggested changes made by @SergeCroise here. I've also made some recommendations on wording changes to avoid some problematic English language rules on hyphenation. :-) Let us know what you think. @SergeCroise please see the items that need to be fixed that I've noted. Thank you!
Aside from the other comments I left (the only problem was basically some spaces where spaces shouldn't be), I'm fine with all of these edits.
@SergeCroise will you at least fix the space issues noted here? If you don't want to modify the rest and since @EzequielBruni has no objections, I'll merge the remaining as is.
Test results for 7545ace:
|
@@ -138,14 +137,14 @@ firewall-cmd --permanent [the rest of your command] | |||
|
|||
Before anything else, I need to explain zones. Zones are a feature that basically allow you to define different sets of rules for different situations. Zones are a huge part of `firewalld` so it pays to understand how they work. | |||
|
|||
If your machine has multiple ways to connect to different networks (eg. Ethernet and WiFi), you can decide that one connection is more trusted than the other. You might set your Ethernet connection to the "trusted" zone if it's only connected to a local network that you built, and put the WiFi (which might be connected to the internet) in the "public" zone with more stringent restrictions. | |||
If your machine has multiple ways to connect to different networks (e.g., Ethernet and Wi-Fi), you can decide that one connection is more trusted than the other. You might set your Ethernet connection to the "trusted" zone if it's only connected to a local network that you built , and put the Wi-Fi (which might be connected to the internet) in the "public" zone with more stringent restrictions. |
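Review bot: the changed line has a stray space before the comma in "a local network that you built , and put the Wi-Fi"; it should read "built, and put the Wi-Fi". Separately, this sentence recommends the "trusted" zone for Ethernet, while the zone list quoted later in the same file calls trusted "the most open of the available options" that "should be used sparingly"; a short pointer to that caveat here would keep beginners from treating "trusted" as the default for any wired link.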
Wi-Fi is the trademarked way of writing wireless fidelity, and you are correct here.
|
||
!!! Note | ||
|
||
A zone can *only* be in an active state if it has one of these two conditions: | ||
|
||
1. The zone is assigned to a network interface | ||
2. The zone is assigned source IPs or network ranges. (More on that below) | ||
2. The zone is assigned source IPs or network ranges (more on that below) |
This is one of those cases where the period in the numbered list is correct. It is followed by a qualifying sentence, albeit in parentheses. (More on that below)... the difference is that the qualifying sentence should also have punctuation.
@@ -167,7 +166,7 @@ Default zones include the following (I've taken this explanation from [DigitalOc | |||
|
|||
> **trusted:** Trust all of the machines in the network. The most open of the available options and should be used sparingly. | |||
|
|||
Okay, so some of those explanations get complicated, but Honestly? The average beginner can get by with understanding "trusted", "home", and "public", and when to use which. | |||
Okay, so some of those explanations get complicated, but honestly? The average beginner can get by with understanding "trusted", "home", and "public", and when to use which. |
In re-reading this, I'm wondering if the sentence is incorrectly punctuated midway with a "?" I think this would work better as two sentences:
Okay, so some of those explanations get complicated. Honestly, the average beginner can get by with understanding "trusted", "home", and "public", and when to use which.
@@ -157,7 +156,7 @@ Default zones include the following (I've taken this explanation from [DigitalOc | |||
|
|||
> **external:** External networks in the event that you are using the firewall as your gateway. It is configured for NAT masquerading so that your internal network remains private but reachable. | |||
|
|||
> **internal:** The other side of the external zone, used for the internal portion of a gateway. The computers are fairly trustworthy and some additional services are available. | |||
> **internal:** The other side of the external zone, used for the internal portion of a gateway. The computers are fairly trustworthy , and some additional services are available. |
The comma's not wrong, but you've introduced an extra space here that is not correct.
@@ -228,15 +227,15 @@ Every port is defined by a number, and some ports are reserved for specific serv | |||
|
|||
Specifically, port 80 allows for transferring data via the Hypertext Transfer Protocol (HTTP), and port 443 is reserved for Hypertext Transfer Protocol Secure (HTTPS) data. * | |||
|
|||
Port 22 is reserved for the Secure Shell protocol (SSH) which lets you log into and manage other machines via the command line (see [our short guide](ssh_public_private_keys.md) on the suject).A brand new remote server might only allow connections over port 22 for SSH, and nothing else. | |||
Port 22 is reserved for the Secure Shell protocol (SSH) which lets you log into and manage other machines via the command line (see [our short guide](ssh_public_private_keys.md) on the subject). A brand-new remote server might only allow connections over port 22 for SSH, and nothing else. |
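Review bot: in the changed Port 22 line, "(SSH) which lets you log into and manage other machines" is a non-restrictive clause and needs a comma before "which". The "on the subject). A brand-new" fix is fine as written. The context line above also ends with a dangling " *" after "(HTTPS) data."; no footnote for it is visible in this hunk, so check that the marker still resolves to something in the file.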
See my comment above on hyphenated words.
@@ -275,7 +274,7 @@ Services, as you might imagine, are fairly standardized programs that run on you | |||
This is the preferred way to open up the ports for these common services, and a whole lot more: | |||
|
|||
* HTTP and HTTPS: for web servers | |||
* FTP: For moving files back and forth (the old fashioned way) | |||
* FTP: For moving files back and forth (the old-fashioned way) |
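Review bot: the FTP bullet still capitalizes "For" after the colon, while the bullet directly above it reads "HTTP and HTTPS: for web servers". Lowercase it to "FTP: for moving files back and forth" so the list is consistent.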
old way, rather than old-fashioned way
@@ -285,7 +284,7 @@ This is the preferred way to open up the ports for these common services, and a | |||
|
|||
Remember, SSH is what you use to log in to your server. Unless you have another way to access the physical server, or its shell (ie via. a control panel provided by the host), removing the SSH service will lock you out permanently. | |||
|
|||
You'll either need to contact support to get your access back, or reinstall the OS entirely. | |||
You'll either need to contact support to get your access back or reinstall the OS entirely. | |||
|
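Review bot: the context line in this hunk still reads "(ie via. a control panel provided by the host)", with the period after "via" rather than in the abbreviation. This PR already changes "eg." to "e.g.," elsewhere, so fix this one in the same pass: "(i.e., via a control panel provided by the host)".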
I'm not sure whether the comma test is correct or not, I usually have to defer to my editor to correct my own writing. That said, you've introduced an additional space here.
@@ -315,7 +314,7 @@ firewall-cmd --zone=public --remove-service=http | |||
|
|||
!!! Note "Note: You can add your own services" | |||
|
|||
And customize the heck out of them, too. However, that's a topic that gets kind of complex. Get familiar with `firewalld` first, and go from there. | |||
And customize the heck out of them, too. However, that's a topic that gets kind of complex. Get familiar with `firewalld` first and go from there. |
and an additional space here too.
Author checklist (Completed by original Author)
Rocky Documentation checklist (Completed by Rocky team)