[Bug 468426] New: yast2-printer shows wrong SuSEFirewall state
https://bugzilla.novell.com/show_bug.cgi?id=468426 Summary: yast2-printer shows wrong SuSEFirewall state Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: All OS/Version: openSUSE 11.1 Status: NEEDINFO Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: jsmeix@novell.com ReportedBy: jsmeix@novell.com QAContact: jsrain@novell.com CC: mzugec@novell.com, jcborn@novell.com Found By: Development Jan-Christoph Bornschlegel reported this issue. In the YaST firewall module he had enabled the service "cups" for the external zone but the YaST printer module shows "Access and printer information from the external network zone is denied" which is in contradiction to the actual firewall settings. yast2-printer determines the firewall status regarding IPP (port 631 UDP and TCP) in Printer.ycp via ------------------------------------------------------------------- if( ! SuSEFirewall::HaveService( "631", "UDP", "INT" ) ) { firewall_config["browsing_from_int"] = false; firewall_config["ui_browsing_from_int"] = false; } if( ! SuSEFirewall::HaveService( "631", "TCP", "INT" ) ) { firewall_config["access_from_int"] = false; firewall_config["ui_access_from_int"] = false; } .. if( SuSEFirewall::HaveService( "631", "TCP", "EXT" ) || SuSEFirewall::HaveService( "631", "UDP", "EXT" ) ) { firewall_config["deny_from_ext"] = false; firewall_config["ui_deny_from_ext"] = false; } ------------------------------------------------------------------- In y2log there is ------------------------------------------------------------------- SuSEFirewall.ycp:2372 Firewall configuration has been read: $["FW_ALLOW_FW_BROADCAST_DMZ":"no", "FW_ALLOW_FW_BROADCAST_EXT":"no", "FW_ALLOW_FW_BROADCAST_INT":"no", "FW_CONFIGURATIONS_DMZ":"", "FW_CONFIGURATIONS_EXT":"cups dhcp-server sshd", "FW_CONFIGURATIONS_INT":"", "FW_DEV_DMZ":"", "FW_DEV_EXT":"any br0", "FW_DEV_INT":"", "FW_FORWARD_ALWAYS_INOUT_DEV":"", "FW_FORWARD_MASQ":"", "FW_IGNORE_FW_BROADCAST_DMZ":"no", "FW_IGNORE_FW_BROADCAST_EXT":"yes", "FW_IGNORE_FW_BROADCAST_INT":"no", "FW_IPSEC_TRUST":"no", "FW_LOAD_MODULES":"nf_conntrack_netbios_ns", "FW_LOG_ACCEPT_ALL":"no", "FW_LOG_ACCEPT_CRIT":"yes", "FW_LOG_DROP_ALL":"no", "FW_LOG_DROP_CRIT":"yes", "FW_MASQUERADE":"no", "FW_PROTECT_FROM_INT":"no", "FW_ROUTE":"no", "FW_SERVICES_ACCEPT_DMZ":"", "FW_SERVICES_ACCEPT_EXT":"", "FW_SERVICES_ACCEPT_INT":"", "FW_SERVICES_ACCEPT_RELATED_DMZ":"", "FW_SERVICES_ACCEPT_RELATED_EXT":"", "FW_SERVICES_ACCEPT_RELATED_INT":"", "FW_SERVICES_DMZ_IP":"", "FW_SERVICES_DMZ_RPC":"", "FW_SERVICES_DMZ_TCP":"", "FW_SERVICES_DMZ_UDP":"", "FW_SERVICES_EXT_IP":"", "FW_SERVICES_EXT_RPC":"", "FW_SERVICES_EXT_TCP":"ssh ", "FW_SERVICES_EXT_UDP":"", "FW_SERVICES_INT_IP":"", "FW_SERVICES_INT_RPC":"", "FW_SERVICES_INT_TCP":"", "FW_SERVICES_INT_UDP":"", "enable_firewall":true, "start_firewall":true]. .. Printer.ycp:1943 FirewallConfig read result: $["access_from_int":true, "browsing_from_int":true, "deny_from_ext":true, "firewall_active":true, "no_firewall_for_int":true, "suse_firewall_used":true, "ui_access_from_int":true, "ui_browsing_from_int":true, "ui_deny_from_ext":true] ------------------------------------------------------------------- This is wrong because on the one hand there is "FW_CONFIGURATIONS_EXT":"cups dhcp-server sshd", but on the other hand for yast2-printer it is "deny_from_ext":true, Something is wrong with the YCP code in yast2-printer which determines the firewall settings but this code had worked well at the time when I implemented it on my openSUSE 11.0 workstation. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=468426
Johannes Meixner
https://bugzilla.novell.com/show_bug.cgi?id=468426
Johannes Meixner
https://bugzilla.novell.com/show_bug.cgi?id=468426
User locilka@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=468426#c1
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=468426
User jsmeix@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=468426#c2
Johannes Meixner
https://bugzilla.novell.com/show_bug.cgi?id=468426
User jsmeix@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=468426#c6
Johannes Meixner
https://bugzilla.novell.com/show_bug.cgi?id=468426
User locilka@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=468426#c7
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=468426
User jsmeix@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=468426#c8
--- Comment #8 from Johannes Meixner
participants (1)
-
bugzilla_noreply@novell.com