On 10/17/2019 11:35 AM, Bruce Dubbs via blfs-dev wrote:
> On 10/16/19 9:14 PM, DJ Lucas via blfs-dev wrote:
>> So, here is draft2. Been a bit busy lately, but I finally got some
>> time tonight to address the surrounding text. My eyes are starting to
>> glaze over. Of note, I've separated the firewall description page
>> from Iptables, added nftables (and its required libraries libmnl and
>> libnftnl), and added firewalld as a frontend for both (along with the
>> required python modules decorator and slip). I'd appreciate any
>> feedback on the changes, especially the text changes. The only known
>> issues off the top of my head are the generic (and likely wrong)
>> descriptions for the utilities with firewalld - which I'll fix later
>> as I simply forgot about them until I was reading the rendered book
>> just now - and I'll need to add specific nf_conntrack kernel
>> configuration notes for firewalld.
>>
>> Rendered copies of the books are at:
>> http://www.linuxfromscratch.org/~dj/blfs-book/
>> and
>> http://www.linuxfromscratch.org/~dj/blfs-systemd/
>>
>> The diff is also available if you'd like to look at it that way at:
>> http://www.linuxfromscratch.org/~dj/firewall-changes.svnstash
>>
>> Also of note is the bootscript for sysv, and the patch (should be the
>> same as the one for 0.7.1 and is a priority bug upstream with a waiting
>> PR):
>> http://www.linuxfromscratch.org/~dj/firewalld
>> http://www.linuxfromscratch.org/~dj/firewalld-0.7.2-builtin-1.patch
>
> I think we need to explicitly say somewhere that iptables and nftables
> are mutually exclusive. It may seem obvious to us, but for those new
> to firewalls, it may not be.

Actually, they aren't. They can work in tandem. I can't think of a
reason somebody would want to do that, and I cringe at the complexity of
such a setup, but it is possible (note the circular dependency). They
both still ultimately control netfilter in the kernel, but, I follow -
for the purposes of the book, they probably should be. And, I kind of
did mention this in firewalling.xml, but I can make it more prominent.

> Also, I would like to see package title headers use the title case of
> the tarball. That is firewalld, not Firewalld. I know we do this in
> a lot of places and are quite inconsistent. I don't know if it is
> worthwhile going through the entire book and changing though.

It wouldn't be all that difficult to do, over time, section by section
seems reasonable. However, the previous rule was however the developer
uses it on public websites or in documentation. For example, the title
of the web page for systemd at FDO is "systemd System and Service
Manager" so should be lower case. Looking at firewalld, it too should be
all lowercase. Same thing for iptables and nftables. GNU Coreutils uses
a capital "C." "System V Init" is an odd one that doesn't match the
tarball name at all, though a lot of sites use "SysVinit." There really
is no consistency upstream, so I think it is up to us. The name of the
tarball is one method, always capitalizing titles is another, and using
the developer's choice is a third, among others. The first of those is
probably most consistent but the TOC won't be as pretty.

--DJ