For now I've made the service for firewalld conflict with the SuSEfirewall2 services, so that should be fine.

As far as a migration path goes, firewalld comes with a way bigger set of predefined services and zones than SuSEfirewall2, so any "migration path" would be quite straightforward, and not that much different from the initial implementation of any firewall.

I'll see if I can find some time to write up a readme or such, but I don't think I have editing rights on the wiki, so someone else would have to put it there.

Cheers
MH

On 12/01/2014 08:46 PM, Bruno Friedmann wrote:
On Monday 01 December 2014 20.07:44 Carlos E. R. wrote:
On 2014-12-01 18:54, Bruno Friedmann wrote:
I'm guessing what Marcus is believing ...
If firewalld will be a replacement for susefirewall then a lot of migration will have to be played by users and administrators.
So adding a readme, howto, preparing a wiki page with recipes and/or asking help for migration rules, scripts + asking obs admin help to prepare a list of all packages creating SFW2 rules to warn maintainer etc.
This effort beside just the packaging (which is the first important step, don't get me wrong) is preparing the future for the benefit of all.

And investigate whether both can coexist for some time.

coexist: pretty sure not, it's about security. But making the package conflicting and being able to choose which one you want, why not. But who will maintain two full sets of rules, two yast interface etc ... You?

For instance, some people are not upgrading to 13.2, or going back to 13.1, because nobody seems to know how to migrate if-up scripts to wicked, or they can't make them work. And apparently, if-up is not available as an alternative.

So what ... just a proof that not enough people had tested scenario during 13.2 dev time. Guess what, is that changing now, at least wicked got attention and bug reports so fixes will come ;-)

Having the old method together with the new one for a time, and a compatibility layer, like we have with systemd, is crucial.

Don't diverge, iptables ip6tables were there, and will stay (at least until the name change)
-- Cheers / Saludos,
Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)