1 files changed, 87 insertions, 0 deletions

diff --git a/docs/docs/stable/mcc-help/en/drakfirewall.xml b/docs/docs/stable/mcc-help/en/drakfirewall.xml
new file mode 100644
index 00000000..c4038afa
--- /dev/null
+++ b/docs/docs/stable/mcc-help/en/drakfirewall.xml
@@ -0,0 +1,87 @@
+<?xml version='1.0' encoding='utf-8'?><section xmlns="http://docbook.org/ns/docbook" xmlns:ns5="http://www.w3.org/1998/Math/MathML" xmlns:ns4="http://www.w3.org/2000/svg" xmlns:ns3="http://www.w3.org/1999/xhtml" xmlns:ns2="http://www.w3.org/1999/xlink" xmlns:ns="http://docbook.org/ns/docbook" xml:id="drakfirewall" version="5.0">
+  <info>
+    <title xml:id="drakfirewall-ti1">Set up your personal firewall</title>
+
+    <subtitle>drakfirewall</subtitle>
+  </info>
+
+  <mediaobject>
+    <imageobject>
+      <imagedata revision="1" fileref="drakfirewall.png" align="center" xml:id="drakfirewall-im1" format="PNG"/>
+    </imageobject>
+  </mediaobject>
+
+  <para>This tool<footnote>
+      <para>You can start this tool from the command line, by typing <emphasis role="bold">drakfirewall</emphasis> as root.</para>
+    </footnote> is found under the Security tab in the Mageia Control Center
+  labelled "Set up your personal firewall". It is the same tool in the first
+  tab of "Configure system security, permissions and audit".</para>
+
+  <para>A basic firewall is installed by default with Mageia. All the incoming
+  connections from the outside are blocked if they aren't authorised. In the
+  first screen above, you can select the services for which outside connection
+  attempts are accepted. For your security, uncheck the first box -
+  <guilabel>Everything (no firewall)</guilabel> - unless you want to disable
+  the firewall, and only check the needed services.</para>
+
+  <para>It is possible to manually enter the port numbers to open. Click on
+  <guibutton>Advanced</guibutton> and a new window is opened. In the field
+  <guilabel>Other ports</guilabel>, enter the needed ports following these
+  examples :</para>
+
+  <para>80/tcp : open the port 80 tcp protocol</para>
+
+  <para>24000:24010/udp : open all the ports from 24000 to 24010 udp
+  protocol</para>
+
+  <para>The listed ports should be separated by a space.</para>
+
+  <para>If the box <guilabel>Log firewall messages in system logs</guilabel>
+  is checked, the firewall messages will be saved in system logs</para>
+
+  <mediaobject>
+    <imageobject>
+      <imagedata fileref="drakfirewall2.png"/>
+    </imageobject>
+  </mediaobject>
+
+  <note>
+    <para>If you don't host specific services (web or mail server, file
+    sharing, ...) it is completely possible to have nothing checked at all, it
+    is even recommended, it won't prevent you from connecting to the
+    internet.</para>
+  </note>
+
+  <para>The next screen deals with the Interactive Firewall options. These
+  feature allow you to be warned of connection attempts if at least the first
+  box <guilabel>Use Interactive Firewall </guilabel>is checked. Check the
+  second box to be warned if the ports are scanned (in order to find a failure
+  somewhere and enter your machine). Each box from the third one onwards
+  corresponds to a port you opened in the two first screens; in the screenshot
+  below, there are two such boxes: SSH server and 80:150/tcp. Check them to be
+  warned each time a connection is attempted on those ports.</para>
+
+  <para>These warning are given by alert popups through the network
+  applet.</para>
+
+  <mediaobject>
+    <imageobject>
+      <imagedata fileref="drakfirewall3.png"/>
+    </imageobject>
+  </mediaobject>
+
+  <mediaobject>
+    <imageobject>
+      <imagedata fileref="drakfirewall4.png"/>
+    </imageobject>
+  </mediaobject>
+
+  <para>In the last screen, choose which network interfaces are connected to
+  the Internet and must be protected. Once the OK button is clicked, the
+  necessary packages are downloaded.</para>
+
+  <tip>
+    <para>If you don't know what to choose, have a look in MCC tab Network
+    &amp; Internet, icon Set up a new network interface.</para>
+  </tip>
+</section>
\ No newline at end of file