https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c20
Markus Abt changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |abt@comet.de
--- Comment #20 from Markus Abt 2012-01-30 20:44:39 UTC ---
I can confirm this problem.
On three desktop systems, I have discovered that the firewall is not starting
when booting. In contrast, on a laptop, the firewall does start when booting.
All four system where installed similarly, a basic lxde installation with
manual hardware configuration. Firewall was activated (with sshd allowed).
Xen has not been installed.
In /var/log/Yast2/y2log, I can read:
--------------------
SuSEFirewall.ycp:1637 Removing interface 'eth0' from 'INT' zone.
SuSEFirewall.ycp:1637 Removing interface 'eth0' from 'DMZ' zone.
SuSEFirewall.ycp:1637 Removing interface 'eth0' from 'EXT' zone.
[...]
SuSEFirewall4Network.ycp:156 Disabling firewall, no interfaces are protected.
SuSEFirewall.ycp:1209 Setting enable-firewall to false
SuSEFirewall.ycp:1173 Setting start-firewall to false
--------------------
Only on the laptop, I can see later in the same file:
--------------------
SuSEFirewall4Network.ycp:143 Enabling firewall because of 'wlan0' interface
SuSEFirewall.ycp:1670 Adding interface 'wlan0' into 'EXT' zone.
SuSEFirewall.ycp:1209 Setting enable-firewall to true
SuSEFirewall.ycp:1173 Setting start-firewall to true
--------------------
So on the laptop, the firewall start was re-enabled due to the wlan card.
When starting the firewall manually on the desktops, it blocks incoming
traffic, albeit eth0 is not assigned to external zone.
In some earlier versions of openSUSE, IIRC "any" was assigned to external zone.
This seems not be true any longer.
Arguably, I missed to explicitly assign eth0 to the external zone during manual
network configuration. But this should not silently disable the firewall in my
opinion.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.