[Bug 340926] New: Upgrade of system breaks SuSEfirewall2 if it contains lines with "\" continue line symbol.
https://bugzilla.novell.com/show_bug.cgi?id=340926 Summary: Upgrade of system breaks SuSEfirewall2 if it contains lines with "\" continue line symbol. Product: openSUSE 10.3 Version: Final Platform: Other OS/Version: openSUSE 10.3 Status: NEW Severity: Normal Priority: P5 - None Component: Update Problems AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: robin.listas@telefonica.net QAContact: jsrain@novell.com Found By: --- Symptom: nimrodel:~ # SuSEfirewall2 SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ... SuSEfirewall2: Warning: no default firewall zone defined, assuming 'ext' SuSEfirewall2: batch committing... iptables-batch v1.3.8: host/network `##' not found Try `iptables-batch -h' or 'iptables-batch --help' for more information. SuSEfirewall2: Error: iptables-batch failed, re-running using iptables iptables v1.3.8: host/network `##' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.3.8: host/network `Type:' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.3.8: host/network `string' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.3.8: host/network `##' not found Try `iptables -h' or 'iptables --help' for more information. iptables v1.3.8: host/network `Default:' not found Try `iptables -h' or 'iptables --help' for more information. SuSEfirewall2: Firewall rules successfully set Notice it doesn't say the faulty line. The problem is this section: FW_TRUSTED_NETS="192.168.1.11,tcp,ftp 192.168.1.11,tcp,ftp-data \ ## Type: string ## Default: 192.168.1.11,tcp,ssh \ 192.168.1.1,udp,tftp \ 192.168.1.2,tcp,microsoft-ds 192.168.1.2,tcp,netbios-ssn \ 192.168.1.2,udp,netbios-dgm 192.168.1.2,udp,netbios-ns \ 192.168.1.33,tcp,http \ 192.168.1.33,tcp,ssh \ 192.168.1.33,tcp,ftp \ 192.168.1.33,tcp,ftp-data" # 192.168.1.1,udp,tftp --> backups del router. # 192.168.1.2 --> samba para Moria. Notice the three lines inserted in the middle of the definition? I have compared the file with the original in my 10.2 system, preserved in the backup, and I can conclude that it was the upgrade to 10.3 made by YAST who inserted those three lines in there. Removing them solves the problem: nimrodel:~ # SuSEfirewall2 SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ... SuSEfirewall2: Warning: no default firewall zone defined, assuming 'ext' SuSEfirewall2: batch committing... SuSEfirewall2: Firewall rules successfully set nimrodel:~ # This same problem was reported in the security list the 23 Jul 2006 - only that time I did not have proof. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=340926
Martin Mrazik
https://bugzilla.novell.com/show_bug.cgi?id=340926#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=340926#c2
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=340926#c3
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=340926#c4
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=340926#c5
--- Comment #5 from Carlos Robinson
Carlos, please, attach YaST logs: See http://en.opensuse.org/Bugs/YaST
Huh? But the logs of the upgrade are not saved to harddisk, AFAIK: it's a live system on RAM. Are they :-? Ok, the upgrade started on Nov 2 23:22:48 and finished (first boot) at 14:22:59 Nov 2 23:22:48 nimrodel syslog-ng[4304]: syslog-ng version 1.6.11 going down Nov 3 14:22:59 nimrodel syslog-ng[3952]: syslog-ng version 1.6.12 starting I attach y2logs-20071113.tgz [...] No, I can't; this is what I get: The file you are trying to attach is 5282 kilobytes (KB) in size. Non-patch attachments cannot be more than 5120 KB. It's only 5 Megabytes! Good grief, that's a TINY log file, as yast logs go! Can't you please increase that absurd limit? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=340926#c6
--- Comment #6 from Carlos Robinson
https://bugzilla.novell.com/show_bug.cgi?id=340926
Ruediger Oertel
https://bugzilla.novell.com/show_bug.cgi?id=340926
Sven Lachmund
https://bugzilla.novell.com/show_bug.cgi?id=340926
User opensuse@go4more.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=340926#c7
Sven Lachmund
https://bugzilla.novell.com/show_bug.cgi?id=340926
User pgajdos@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=340926#c9
Petr Gajdos
https://bugzilla.novell.com/show_bug.cgi?id=340926
User robin.listas@telefonica.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=340926#c10
Carlos Robinson
Multiline variable assignment is not supported: http://en.opensuse.org/SUSE_Package_Conventions/Sysconfig#5.1._Base_File_For...
Sorry, that's not true. Ask around. The '/etc/sysconfig/SuSEfirewall2' file follows bash syntax and allows multiline statements. I'm using them, many people use them, and we have been using them for years. So, please, change your definition. It is YaST which is broken. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=340926
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=340926#c11
--- Comment #11 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=340926
User locilka@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=340926#c12
--- Comment #12 from Lukas Ocilka
participants (1)
-
bugzilla_noreply@novell.com