With firewalld.service enabled eth0 does not get IPv4 address
On my Raspberry Pi 1B the latest JeOS Tumbleweed image, Snapshot20201209, is installed. I want to use firewalld with the following deviations from the standard configuration given as firewall-cmd lines. firewall-cmd --permanent --zone=public --remove-service=ssh firewall-cmd --permanent --zone=public --add-rich-rule='rule port port="22" \ protocol="tcp" log prefix="SFW2-INSSH " level="info" limit value="6/m" drop' firewall-cmd --permanent --zone=internal --remove-service=samba-client firewall-cmd --permanent --zone=internal --add-service=ssh firewall-cmd --permanent --zone=internal --add-source=192.168.0.0/16 firewall-cmd --permanent --zone=internal --add-source=fe80::/16 firewall-cmd --permanent --zone=internal --add-source=83.x.y.z firewall-cmd --permanent --zone=internal --add-source=2001:x:y:z::/48 firewall-cmd --permanent --zone=internal --add-source=2001:xx:yy:zz::/56 public is the default zone The firewall blocks almost all traffic and allows ssh access from the listed IPv4 and IPv6 addresses in zone internal; some local, some from somewhere in the internet. The rich-rule keeps track of unwanted access to the ssh port. When I reboot the system with the firewalld.service enabled I use "ip a" to list the IP addresses assigned to the interfaces lo: and eth0: In this list eth0 does not have an IPv4 address. Also when I stop the firewalld service eth0 still does not get an IPv4 address. Only after a restart of the network service, eth0 gets an IPv4 address; no firewall active. eth0 is configured (standard) to get an IPv4 address via DHCP. Also router information "ip r" and /etc/resolv.conf do not contain IPv4 addresses. To did investigate this further, so I installed the latest JeOS Tumbleweed on my RPi4 and configured firewalld in the same way. This system does NOT show this wrong behavior. I filed a bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=1180231 -- fr.gr. member openSUSE Freek de Kruijf
participants (1)
-
Freek de Kruijf