https://bugzilla.novell.com/show_bug.cgi?id=819406 https://bugzilla.novell.com/show_bug.cgi?id=819406#c0 Summary: SUSE Firewall supports only one custom string defining interfaces, does not import libvirt created bridge devices Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: tonysu@su-networking.com QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Currently, SUSE FW automatically displays the detected physical interfaces and br devices created in YAST. Bridge devices can be created other ways as well, specifically in my case by libvirt (using either virsh or vm manager). The bridge devices created by libvirt typically are named "virbr<number>" Since bridge devices created by libvirt are not automatically found by SUSE FW, I am still able to enter <one> name as a "Custom" Interface, but if multiple vnetworks are created, typically multiple virtual bridges are created. Reproducible: Always Steps to Reproduce: 1. Using VM Manager, create a NAT virtual network with DHCP, note the name of the created bridge device 2. Open any kind of VM(I've been using KVM an LXC) using the new virtual network, and run "ip addr" or "ifconfig" note no DHCP address granted 3. In SUSE FW > Interfaces, note that virbr* does not exist 4. Enter the virtual bridge name as a custom string in the Internal Zone 5. From within the VM guest, ifdown/ifup eth0 to try to obtain a DHCP address 6. Re-run Step 2 to test obtaining an IP address Now, return to SUSE FW > Interfaces and note that only one custom string is supported, no additional networks can be configured. Actual Results: As described, there is no way to define additional "custom" interfaces and SUSE FW does not automatically import libvirt bridge device names. Expected Results: Either 1. SUSE FW should import the available interfaces (seems only the bridge name is necessary, nothing else) created by libvirt, this might not be too difficult, drawing from the virsh net-list command 2. Alternative is to enable multiple custom strings Am assigning this a "normal" severity only because there are workarounds... ie. editing iptables directly. But, this is a scenario which would definitely be widely experienced and be extremely uncomfortable for everyone using YAST if they configure multiple virtual networks (my impression is that the openSUSE community may only be beginning to use virtualization and there is a current preference for Virtual Box. As more use KVM, Xen and LXC, this will change). I see that there is another unrelated bug but working with this code. If someone works on one, maybe both can be addressed https://bugzilla.novell.com/show_bug.cgi?id=578787 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.