Bug ID 1188143
Summary Firewall Zone-Interface association not applied with "Reload"
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.3
Hardware x86-64
OS openSUSE Leap 15.3
Status NEW
Severity Minor
Priority P5 - None
Component YaST2
Assignee yast2-maintainers@suse.de
Reporter mail@georg-pfuetzenreuter.net
QA Contact jsrain@suse.com
Found By ---
Blocker --- 

Hi,

this is a follow-up to my report in #yast.

Steps to reproduce:
-> Launch YaST2 firewall
-> Under "Start-Up", set "After writing configuration:" to "Reload"
-> Under "Interfaces", select an interface currently assigned to a zone
-> Use "Change Zone" and select a different Zone from the dropdown menu
-> Confirm with "OK" and choose "Accept" (F10)

Expected behavior:
The zone-interface association should be applied, since the CLI equivalent of
the operation
`firewall-cmd --zone=zoneA --remove-interface=eth0 --permanent`
`firewall-cmd --zone=zoneB --add-interface=eth0 --permanent`
`firewall-cmd --reload`
works fine.

Observed behavior:
The zone-interface association is not being applied (as can be confirmed with
`firewall-cmd --list-all-zones`). A manual restart of firewalld, or launching
YaST2 firewall again and changing "After writing configuration:" to "Restart"
is required.

Possible fix:
Adjust the program to reload firewalld using `firewall-cmd --reload` instead of
using the reload feature of systemd. The systemd unit for firewalld specifies
the reload action to send a SIGHUP to firewalld, which, from my observation,
not always applies the changes. I am not sure if this is the actual cause of
the issue, but it might be worth a try. :-)

Cheers,
Georg

You are receiving this mail because: