Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Network Firewall docs (issue #1025) #1060

Merged
merged 3 commits into from
Jun 26, 2015
Merged

Network Firewall docs (issue #1025) #1060

merged 3 commits into from
Jun 26, 2015

Conversation

harlo
Copy link
Contributor

@harlo harlo commented Jun 23, 2015

as per #1025

@garrettr
Copy link
Contributor

👍 What do you think @dolanjs @conorsch?

dolanjs
dolanjs reviewed Jun 23, 2015
View reviewed changes
docs/network_firewall.md
@@ -81,7 +81,7 @@ Leave the defaults for "Time Server Information". Click Next.

On "Configure WAN Interface", enter the appropriate configuration for your network. Consult your local sysadmin if you are unsure what to enter here. For many environments, the default of DHCP will work and the rest of the fields can be left blank. Click Next.

For "Configure LAN Interface", set the IP address and subnet mask of the Application Subnet for the LAN interface. Click Next.
For "Configure LAN Interface", set the IP address and subnet mask of the Application Subnet for the LAN interface. Be sure that the CIDR prefix correctly corresponds to your subnet mask-- pfsense should automatically calculate this for you, but you should always check. Click Next.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add that for the values used in the doc the CIDR should be /24 So they don't need to look it up?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Furthermore, in L36, I suggest: This is a very common subnet choice for home routers. -> The /24 subnet is a common choice for home routers. Specifically referring to the subnet by CIDR notation adds clarity for non-technical folks, at no cost to clarity for technical audiences.

@harlo
Copy link
Contributor Author

harlo commented Jun 23, 2015

...maybe we add something like, "default will always be /24"? are other configs supported?

@conorsch conorsch mentioned this pull request Jun 23, 2015
Closed
@dolanjs
Copy link
Contributor

dolanjs commented Jun 23, 2015

In the install docs we recommend using the 10.20.2.0 network with a subnet mask 255.255.255.0 for the monitor server's network. /24 is the CIDR notation for the 255.255.255.0 subnet mask.

It is configurable by the admin to accommodate certain edge cases. One of which is if the 10.20.1.0 or 10.20.2.0 networks are in use someplace else in the corporate environment. Then the admin would want to use a different network(s) for the app and monitor server networks to avoid routing table issues with SD network firewall.

Any internal ip range netmask that provides 2 usable IP addresses will work.

@conorsch
Copy link
Contributor

One more change: In L36 This is a very common subnet choice for home routers. -> The /24 subnet is a common choice for home routers. Specifically referring to the subnet by CIDR notation adds clarity for non-technical folks, at no cost to clarity for technical audiences.

Then we should be all set.

@conorsch conorsch added this to the 0.3.4 milestone Jun 24, 2015
@garrettr
Copy link
Contributor

Agree with @conorsch's last comment. One of the best pieces of advice about writing clearly I've ever received is to always carefully consider the use of the word "this". It may seem clear to the writer at the time of writing due to their mental context, but it is often ambiguous and confusing!

@garrettr
Copy link
Contributor

lgtm. Ready to merge @harlo?

harlo pushed a commit that referenced this pull request Jun 26, 2015
Merge pull request #1060 from harlo/1025_network_firewall
44adebb 
Network Firewall docs (issue #1025)
@harlo harlo merged commit 44adebb into freedomofpress:release/0.3.4 Jun 26, 2015
@harlo harlo deleted the 1025_network_firewall branch June 26, 2015 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.3.4
Development

Successfully merging this pull request may close these issues.
4 participants
@harlo @garrettr @dolanjs @conorsch