Mailinglist Archive: opensuse (1108 mails)

< Previous Next >
Re: [opensuse] firewall errors?
On 2018-08-07 21:33, Dave Howorth wrote:
On Tue, 7 Aug 2018 18:56:53 +0200
"Carlos E. R." <robin.listas@xxxxxxxxxxxxxx> wrote:
On 2018-08-07 15:11, Dave Howorth wrote:
On Tue, 7 Aug 2018 14:45:23 +0200 (CEST) "Carlos E. R." <> wrote:
My guess is that you upgraded to Leap 15.0 from some previous
version, or perhaps tumbleweed, and you are running the old
firewall which has not been migrated by *you* to the new
firewall.

Sorry, I'm on Leap 15.0 and it was upgraded by zypper from Leap 42.3

Looking at YaST software listings, apparently I have both
SuSEfirewall2 and firewalld installed, along with firewall-config,
firewall-macros, firewalld-lang, python3-firewall, xfwp &
yast2-firewall.

Nothing told me to migrate a firewall. I don't want a firewall. Is
it safe to just remove all these packages?

Well, it is up to you to decide to have a firewall or not. I always
have one on every machine I control.

Thanks Carlos, and thanks to Darryl too. I stopped the services (YaST
balked and I had to do it twice) and now I can access TV remotely as I
wished.

I gave you the exact commands to do it (stop service) without YaST.


I know the arguments for having a firewall, but I've been caught too
often by situations like I've just had that have wasted days of my time.

If you really do not want a firewall, just:

systemctl status firewalld.service
systemctl stop firewalld.service
systemctl disable firewalld.service


systemctl status SuSEfirewall2.service
systemctl stop SuSEfirewall2.service
systemctl disable SuSEfirewall2.service

and then remove SuSEfirewall2 packages.

You get both because you may want to migrate your settings from the
previous firewall in 42.3 to the new one in 15.0. There is a tool that
automates that migration, I forgot the name and it is not documented
in the release notes.

Ah. Google finds it: "susefirewall2-to-firewalld"

<https://en.opensuse.org/Firewalld>

I read the README as they suggested but am now confused. It says it is
a simple script but it talks about 'start/stop/restart firewalld and
SuSEfirewall2 services'. That doesn't sound simple to me. Does that
mean even if I have both firewalls shut down, it is going to start
them? I'd have thought a simple script would migrate a configuration by
editing some configuration scripts? I'd be happy to do that, against
the event that I might find some reason to use firewalld in the future.

The point is, IF you want to migrate from the old settings to the new,
then you need both while you do the migration, then delete the old.

IF you do not care about the old, then just delete the old.

Finally, after those two decisions you do not want any firewall, then
you _stop_ and then _disable_ the new, but not remove in case there are
dependencies.



OTOH, if I just start firewalld as a new installation, I would hope
there's a graphical first-time-run program to guide me through setting
it up?

Yes. But it does not run automatically, you have to call it. I think it
is is in YaST although it is not a YaST module.

I'm not sure it is a first-time-run program, either.

In which case, there wouldn't be much point in preserving a
configuration I already know has some problem.

If you know it has problems, don't migrate it.



If you are sure you do not want to migrate settings, then just delete
SuSEfirewall2 packages, then enable and start firewalld.service, then
open the needed ports.

But if I don't want a firewall, why not just delete it?

Because it might be needed by dependencies.

PS I opened a bug about text selection from YaST
https://bugzilla.opensuse.org/show_bug.cgi?id=1104069


Ok :-)

--
Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >