On 2018-03-11 17:25, Per Jessen wrote:
Peter Suetterlin wrote:
Per Jessen wrote:
Carlos E. R. wrote:
Specially howto migrate from SuSEfirewal2. How to migrate every token there.
There is a script available - if you do "zypper se firewall", you'll see it. I have no idea how well it works.
The issue with this script (see Carlos' other post) is that it does 'surgery on the open heart'. You have to run it on the machine you want to convert, and it shuts down the old firewall, then (hopefully) builds a new setup for firewalld.
It can't be run off-line on a copy of your old firewall?
Apparently not. It can be run in dry mode, which is what I did. Even so, it switched off firewalld, and I think it started SuSEfirewal2. I uninstalled it, but I'm still unsure the current firewall status is correct: linux-9vao:~ # systemctl status SuSEfirewall2_init.service ● SuSEfirewall2_init.service Loaded: not-found (Reason: No such file or directory) Active: active (exited) since Sun 2018-03-11 13:45:46 CET; 6h ago Main PID: 9248 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 4915) CGroup: /system.slice/SuSEfirewall2_init.service Mar 11 13:45:46 linux-9vao systemd[1]: Starting SuSEfirewall2 phase 1... Mar 11 13:45:46 linux-9vao SuSEfirewall2[9248]: Firewall rules set to CLOSE. Mar 11 13:45:46 linux-9vao systemd[1]: Started SuSEfirewall2 phase 1. linux-9vao:~ #
Not really something you just want to try on your server to see if it does the right thing....
Where you might not want to be running Leap15 beta either, to see if it does the right thing :-)
I think there is really just one key issue - what happens in the upgrade situation?
Even on a fresh install to replace the old. Install susefirewall2, copy the config from backup, install the translate script, run it, remove susefirewall2. I would prefer documentation saying how to translate manually each token, on YaST or on the command line, so that we learn how the new configuration is done. How am I going to maintain my firewall if I have no idea what the translation did? -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)