[Bug 874110] New: nfsserver should restart SuSEfirewall
https://bugzilla.novell.com/show_bug.cgi?id=874110
https://bugzilla.novell.com/show_bug.cgi?id=874110#c0

Summary: nfsserver should restart SuSEfirewall
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: nfbrown@suse.com
ReportedBy: jslaby@suse.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

When I boot my system without running nfsserver, SuSEfirewall rules do not contain all the nfs ports even though I have configured SuSEfirewall to allow nfs-kernel-server service. I have to start nfsserver and then restart SuSEfirewall. Only then do I see in iptables:

    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:32905
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:51865
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:37778
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:50860
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:60436
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:59006
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:56771
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:41310
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:56771
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:41310
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:sunrpc
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:sunrpc
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:58117
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:37806
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:58117
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:37806
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:nfs
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:nfs

IMO either it should be there since boot, after SuSEfirewall starts, or the nfsserver service should restart the firewall to reload and put the rules there.
https://bugzilla.novell.com/show_bug.cgi?id=874110#c1
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=874110#c2
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=874110#c3
--- Comment #3 from Jiri Slaby
SuSEfirewall2 sets up a static setup.
It could be reloaded for instance.
"SuSEfirewall2 start"
will restart the firewall.
Or there is a FW systemd service file. So what I do is:
    systemctl restart nfsserver.service && systemctl restart SuSEfirewall2.service
The latter should perhaps be:
    systemctl reload-or-try-restart SuSEfirewall2.service
Not sure how the rules above get imported, are they specified via __rpc__? How did you configure it?
Via yast. I enabled nfs server. I see this in /etc/sysconfig/SuSEfirewall2:
    FW_CONFIGURATIONS_EXT="nfs-client nfs-kernel-server"
and /etc/sysconfig/SuSEfirewall2.d/services/nfs-kernel-server subsequently says:
    grep -vE '^$|^#' /etc/sysconfig/SuSEfirewall2.d/services/nfs-kernel-server
    TCP=""
    UDP=""
    RPC="portmap status nlockmgr mountd nfs nfs_acl"
    IP=""
    BROADCAST=""
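An added example, not part of the bug report or of SuSEfirewall2: a shell check for the condition described in this thread, where RPC services named in the RPC= line are registered with the portmapper but no ACCEPT rule covers their ports because the firewall was loaded first. The sample rpcinfo and iptables text is constructed, the function names are hypothetical, and treating "portmap" as an alias for "portmapper" is an assumption.

```shell
#!/bin/sh
# Added example: list RPC services that are registered with the portmapper
# but have no ACCEPT rule, e.g. because the firewall was loaded before nfsserver.
# Live use (as root):
#   missing_rules "$RPC" "$(rpcinfo -p)" "$(iptables -L -n -v)"

# RPC= value as in the nfs-kernel-server service file quoted in this thread.
RPC="portmap status nlockmgr mountd nfs nfs_acl"

# Constructed sample of `rpcinfo -p` output (the mountd ports are made up).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  40001  mountd
    100005    3   tcp  40002  mountd
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl'

# Constructed `iptables -L -n -v` excerpt: the mountd ports were never opened.
SAMPLE_RULES='    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2049'

# Print "proto/port service" for every registered port of the wanted services.
# Assumption: "portmap" in the RPC list means the "portmapper" program.
rpc_ports() {    # $1 = RPC list, $2 = rpcinfo -p output
    printf '%s\n' "$2" | awk -v want="$1" '
        BEGIN { n = split(want, w, " ")
                for (i = 1; i <= n; i++) ok[(w[i] == "portmap") ? "portmapper" : w[i]] = 1 }
        $4 ~ /^[0-9]+$/ && ($5 in ok) && !seen[$3 "/" $4]++ { print $3 "/" $4, $5 }'
}

# Print the registered ports that no ACCEPT rule with a matching dpt: covers.
missing_rules() {    # $1 = RPC list, $2 = rpcinfo output, $3 = iptables listing
    rpc_ports "$1" "$2" | while read -r pp svc; do
        printf '%s\n' "$3" | awk -v p="${pp%/*}" -v d="dpt:${pp#*/}" '
            $3 == "ACCEPT" && $4 == p { for (i = 5; i <= NF; i++) if ($i == d) found = 1 }
            END { exit !found }' || echo "$pp $svc"
    done
}

# Run against the constructed samples: reports the two unopened mountd ports.
missing_rules "$RPC" "$SAMPLE_RPCINFO" "$SAMPLE_RULES"
```

Empty output means every registered port of the listed services has a matching rule; any line printed is a service whose port was assigned after the rules were loaded.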
https://bugzilla.novell.com/show_bug.cgi?id=874110#c4
--- Comment #4 from Neil Brown