https://bugzilla.novell.com/show_bug.cgi?id=426000 Summary: Yast2 corrupts SuSEfirewall2 config file Product: openSUSE 11.0 Version: Final Platform: PC OS/Version: openSUSE 11.0 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: marc@marcchamberlin.com QAContact: jsrain@novell.com Found By: Community User I hand edit the SuSEfirewall2 config file so has to keep it readable and maintainable. One section in particular - FW_FORWARD_MASQ - I separate each entry so that there is one entry per line. Whenever I use Yast2 for something which requires it to update or make changes to the SuSEfirewall2 config file it trashes this particular section by concatenating all the separate lines into a single long line and it includes the \ line continuation character within this line. This breaks SuSEfirewall2 as Yast2 has recreated this section with an illegal syntax. So for example if I write this section as follows - FW_FORWARD_MASQ="\ 0/0,192.168.2.100,tcp,80,8080,111.222.333.444 \ 0/0,192.168.2.100,tcp,22,622,111.222.333.444 \ 0/0,192.168.2.254,tcp,80,8083,111.222.333.444 \ 0/0,192.168.2.15,tcp,5903,5900,111.222.333.444 \ 0/0,192.168.2.25,tcp,5904,5900,111.222.333.444 \ 0/0,192.168.2.30,tcp,5916,5903,111.222.333.444" Yast2 will change it to - FW_FORWARD_MASQ="\ 0/0,192.168.2.100,tcp,80,8080,111.222.333.444 \ 0/0,192.168.2.100,tcp,22, 622,111.222.333.444 \ 0/0,192.168.2.254,tcp, 80,8083,111.222.333.444 \ 0/0,192.168.2.15,tcp,5903,5900,111.222.333.444 \ 0/0,192.168.2.25,tcp,5904,5900,111.222.333.444 \ 0/0,192.168.2.30,tcp,5916,5903,111.222.333.444" (note this does not show the single line created well due to the limitations of the bugzilla form input) Using the \ character to continue a line is legal syntax for SuSEfirewall2 but Yast2 apparently does not handle it properly and should retain the original format, not try an change it into something else. BTW this bug has been around since at least SuSE10.1 and it finally annoyed me enough to report it. What is really bad is that there is no indication that something has gone wrong until one explicitly restarts SuSEFirewall2 or goes and looks at log files. Yast2 is perfectly willing, it appears, to make changes to the SuSEFirewall2 configuration without testing/restarting/reporting that the firewall restarted OK in order to verify that the changes it made are OK. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.