Hi Thomas,
Hm, I'm not quite sure if I fully understand the problem.
Sounds like the firewall is disabled, but not stopped, so either stopping it manually or rebooting the server stops it.
Your understanding is correct! More precisely - once the installation is finished the status of the firewall service is "active (exited)" and I have either to issue systemctl stop SuSEfirewall2 or to reboot to really get rid of the FW.
Maybe your whole <firewall> section is in the wrong level of autoyast.xml... Ours is between <profile></profile> and not in <general> or anywhere else.
From my installedSystem.xml:
:
</classes>
<firewall>
What we have in addition to the firewall section is <firewall>no</firewall> for each network interface, perhaps this is something you might want to check.
Gave it a shot and it did not make any difference :(
As far as I can see from /var/log/YaST2/y2log on a newly installed server the firewall is disabled and stopped very early.
Digging through my y2log file I see many commands to disable the firewall bot not a single one to stop it. 2017-09-05 19:01:58 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:06 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:06 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:07 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:07 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:07 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:08 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:08 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:08 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:09 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:02:09 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:05:31 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:05:34 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:05:34 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:06:08 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:06:09 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:06:23 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:06:47 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:08:17 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:08:18 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:08:18 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:08:22 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` 2017-09-05 19:08:22 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl disable SuSEfirewall2.service ` To the contrary - close to the end of the log (there are only some more 50 lines) the firewall gets started explicitly 2017-09-05 19:08:30 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl show SuSEfirewall2.service --property=Id --property=MainPID --property=Description --pro perty=LoadState --property=ActiveState --property=SubState --property=UnitFileState --property=FragmentPath ` 2017-09-05 19:08:30 <1> server1(3030) [Ruby] modules/Service.rb:140 Starting service 'SuSEfirewall2' 2017-09-05 19:08:30 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl show SuSEfirewall2.service --property=Id --property=MainPID --property=Description --pro perty=LoadState --property=ActiveState --property=SubState --property=UnitFileState --property=FragmentPath ` 2017-09-05 19:08:30 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl start SuSEfirewall2.service ` 2017-09-05 19:08:31 <1> server1(3030) [Ruby] yast2/systemd_unit.rb:122 `systemctl show SuSEfirewall2.service --property=Id --property=MainPID --property=Description --pro perty=LoadState --property=ActiveState --property=SubState --property=UnitFileState --property=FragmentPath ` 2017-09-05 19:08:31 <1> server1(3030) [Ruby] clients/inst_oes_postconfig.rb:1950 SuSEfirewall2 started I am really wondering what is causing this ... Thanks and regards, Frieder -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org