http://bugzilla.novell.com/show_bug.cgi?id=627226 http://bugzilla.novell.com/show_bug.cgi?id=627226#c0 Summary: After upgrading via 'zypper dup' the /etc/sysconfig/SuSEfirewall2 become broken Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: i586 OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: Installation AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: ctype@mail.ru QAContact: jsrain@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; uk; rv:1.9.2.8) Gecko/20100723 SUSE/3.6.8-1.2 Firefox/3.6.8 (.NET CLR 3.5.30729) After upgrading via "zypper dup" from 11.2 I found errors in /var/log/boot.msg
<notice -- Jul 29 08:29:20.3793000> service SuSEfirewall2_setup startStarting >>Firewall Initialization (phase 2 of 2) SuSEfirewall2: Error: target must be a >>single host in FW_FORWARD_MASQ -> ## SuSEfirewall2: Error: target must be a single host in FW_FORWARD_MASQ -> Type: SuSEfirewall2: Error: target must be a single host in FW_FORWARD_MASQ -> string <notice -- Jul 29 08:29:24.631516000> service stoppreload start<notice -- Jul >>29 08:29:24.666198000> service stoppreload donedone iptables-batch v1.4.8: host/network `##' not found Try `iptables-batch -h' or 'iptables-batch --help' for more information. SuSEfirewall2: Error: iptables-batch failed, re-running using iptables ...
after looking into /etc/sysconfig/SuSEfirewall2 I found broken parameters, like FW_FORWARD_MASQ="0/0,172.16.0.4,tcp,33334,33334,95.69.179.xx ## Type: string 0/0,172.16.0.4,udp,33334,33334,95.69.179.xx" i.e. the text "## Type: string" was added as separate line into multi-line value After manual deleting such "inserts" firewall start to work properly Reproducible: Didn't try Steps to Reproduce: 1.Use OpenSuse 11.2 2./etc/sysconfig/SuSEfirewall2 should contains multi-line values in parameters like FW_FORWARD_MASQ 3.run "zypper dup" from 11.2 Actual Results: /etc/sysconfig/SuSEfirewall2 broken 'service SuSEfirewall2_setup start' returns errors -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.