https://bugzilla.novell.com/show_bug.cgi?id=732884 https://bugzilla.novell.com/show_bug.cgi?id=732884#c20 Markus Abt <abt@comet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abt@comet.de --- Comment #20 from Markus Abt <abt@comet.de> 2012-01-30 20:44:39 UTC --- I can confirm this problem. On three desktop systems, I have discovered that the firewall is not starting when booting. In contrast, on a laptop, the firewall does start when booting. All four system where installed similarly, a basic lxde installation with manual hardware configuration. Firewall was activated (with sshd allowed). Xen has not been installed. In /var/log/Yast2/y2log, I can read: -------------------- SuSEFirewall.ycp:1637 Removing interface 'eth0' from 'INT' zone. SuSEFirewall.ycp:1637 Removing interface 'eth0' from 'DMZ' zone. SuSEFirewall.ycp:1637 Removing interface 'eth0' from 'EXT' zone. [...] SuSEFirewall4Network.ycp:156 Disabling firewall, no interfaces are protected. SuSEFirewall.ycp:1209 Setting enable-firewall to false SuSEFirewall.ycp:1173 Setting start-firewall to false -------------------- Only on the laptop, I can see later in the same file: -------------------- SuSEFirewall4Network.ycp:143 Enabling firewall because of 'wlan0' interface SuSEFirewall.ycp:1670 Adding interface 'wlan0' into 'EXT' zone. SuSEFirewall.ycp:1209 Setting enable-firewall to true SuSEFirewall.ycp:1173 Setting start-firewall to true -------------------- So on the laptop, the firewall start was re-enabled due to the wlan card. When starting the firewall manually on the desktops, it blocks incoming traffic, albeit eth0 is not assigned to external zone. In some earlier versions of openSUSE, IIRC "any" was assigned to external zone. This seems not be true any longer. Arguably, I missed to explicitly assign eth0 to the external zone during manual network configuration. But this should not silently disable the firewall in my opinion. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.