http://bugzilla.suse.com/show_bug.cgi?id=1043446 Bug ID: 1043446 Summary: AutoYaST does not open ssh port in SuSEfirewall2 on first boot Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers@suse.de Reporter: jmader2@gmu.edu QA Contact: jsrain@suse.com Found By: --- Blocker: --- autoinst.xml, <firewall> <FW_CONFIGURATIONS_EXT>sshd avahi</FW_CONFIGURATIONS_EXT> <enable_firewall config:type="boolean">true</enable_firewall> <start_firewall config:type="boolean">true</start_firewall> </firewall> <services-manager> <services> <enable config:type="list"> <service>sshd</service> </enable> </services> </services-manager> this is not the case in Leap 42.3-Build0270 on first boot, traffic to 22/tcp is dropped. Jun 08 13:06:21 linux kernel: SFW2-INext-DROP-DEFLT IN=em1 OUT= ... LEN=84 TC=0 HOPLIMIT=64 FLOWLBL=929175 PROTO=TCP SPT=58096 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405A0010303050101080A2553A0F0000000000402000 Note, the installation summary screen in 42.3 continues to erroneously show that the ssh port will be blocked and ssh service will be disabled just like it does in 42.2, but in 42.2 ssh is open and enabled on first boot after installation. If the service SuSEfirewall2 is stopped then started, the correct entries will be added to the Chain input_ext (1 references) ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:mdns but they are missing after first boot. -- You are receiving this mail because: You are on the CC list for the bug.