[Bug 1189560] New: firewalld forgets wicked zone assignment on service restart
https://bugzilla.suse.com/show_bug.cgi?id=1189560 Bug ID: 1189560 Summary: firewalld forgets wicked zone assignment on service restart Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: mrostecki@suse.com Reporter: fvogt@suse.com QA Contact: qa-bugs@suse.de CC: rfrohl@suse.com, wicked-maintainers@suse.de Found By: --- Blocker: --- When the system boots, wicked's firewalld extension mechanism informs firewalld about the configured interfaces and assignes them to the configured zones: localhost:~ # firewall-cmd --list-interfaces ens3 This is kept after a reload: localhost:~ # firewall-cmd --reload success localhost:~ # firewall-cmd --list-interfaces ens3 But not after a restart: localhost:~ # rcfirewalld restart localhost:~ # firewall-cmd --list-interfaces You're performing an operation over default zone ('public'), but your connections/interfaces are in zone 'docker' (see --get-active-zones) You most likely need to use --zone=docker option. This seems very fragile and hits openQA which (for some reason, probably a bad one) disables the firewall temporarily in some tests. Maybe wicked should save the zone assignments in the permanent config? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c4 --- Comment #4 from Micha�� Rostecki <mrostecki@suse.com> --- @Marius: regarding the last comment, would you recommend also not using FIREWALL=yes in general, by default and rather switch to /etc/firewalld/zones? The thing is that FIREWALL=yes is used by default on all fresh openSUSE installations. So far I prepared a quick fix which works for me with FIREWALL=yes and ZONE and should fix the issue for everyone who just installs Tubmbleweed with wicked and doesn't touch the configuration: https://github.com/openSUSE/wicked/pull/880 However, should we keep it as default behavior? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 Micha�� Rostecki <mrostecki@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c5 Fabian Vogt <fvogt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(mt@suse.com) --- Comment #5 from Fabian Vogt <fvogt@suse.com> --- Adding missing needinfo. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c12 --- Comment #12 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0317-1: An update that has 15 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1057592,1156920,1160654,1178357,1181163,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392 CVE References: JIRA References: SLE-9750 Sources used: SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): wicked-0.6.68-150300.4.5.1 SUSE Linux Enterprise Micro 5.1 (src): wicked-0.6.68-150300.4.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c13 --- Comment #13 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0318-1: An update that has 19 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 CVE References: JIRA References: SLE-9750 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): wicked-0.6.68-38.45.1 SUSE OpenStack Cloud 8 (src): wicked-0.6.68-38.45.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): wicked-0.6.68-38.45.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): wicked-0.6.68-38.45.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): wicked-0.6.68-38.45.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): wicked-0.6.68-38.45.1 HPE Helion Openstack 8 (src): wicked-0.6.68-38.45.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c14 --- Comment #14 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2022:0317-1: An update that has 15 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1057592,1156920,1160654,1178357,1181163,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392 CVE References: JIRA References: SLE-9750 Sources used: openSUSE Leap 15.3 (src): wicked-0.6.68-150300.4.5.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c15 --- Comment #15 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0315-1: An update that has 19 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 CVE References: JIRA References: SLE-9750 Sources used: SUSE Linux Enterprise Server 12-SP5 (src): wicked-0.6.68-3.16.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c16 Marius Tomaschewski <mt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED Flags|needinfo?(mt@suse.com) | --- Comment #16 from Marius Tomaschewski <mt@suse.com> --- (In reply to Micha�� Rostecki from comment #4)
@Marius: regarding the last comment, would you recommend also not using FIREWALL=yes in general, by default and rather switch to /etc/firewalld/zones? The thing is that FIREWALL=yes is used by default on all fresh openSUSE installations.
Well, it's a very old default in sysconfig and yast2 (setting the ZONE) AFAIR and I fear it requires a jira feature request to change the default behavior...
Submissions with wicked-0.6.68 (0.6.67 containing it) have been accepted to all supported product code streams. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c17 --- Comment #17 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0345-1: An update that has 19 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 CVE References: JIRA References: SLE-9750 Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): wicked-0.6.68-3.24.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): wicked-0.6.68-3.24.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): wicked-0.6.68-3.24.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): wicked-0.6.68-3.24.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): wicked-0.6.68-3.24.1 SUSE Enterprise Storage 6 (src): wicked-0.6.68-3.24.1 SUSE CaaS Platform 4.0 (src): wicked-0.6.68-3.24.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c18 --- Comment #18 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0346-1: An update that has 19 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 CVE References: JIRA References: SLE-9750 Sources used: SUSE Manager Server 4.1 (src): wicked-0.6.68-3.8.1 SUSE Manager Retail Branch Server 4.1 (src): wicked-0.6.68-3.8.1 SUSE Manager Proxy 4.1 (src): wicked-0.6.68-3.8.1 SUSE Linux Enterprise Server for SAP 15-SP2 (src): wicked-0.6.68-3.8.1 SUSE Linux Enterprise Server 15-SP2-LTSS (src): wicked-0.6.68-3.8.1 SUSE Linux Enterprise Server 15-SP2-BCL (src): wicked-0.6.68-3.8.1 SUSE Linux Enterprise Micro 5.0 (src): wicked-0.6.68-3.8.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): wicked-0.6.68-3.8.1 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): wicked-0.6.68-3.8.1 SUSE Enterprise Storage 7 (src): wicked-0.6.68-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c19 --- Comment #19 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2022:0346-2: An update that has 19 recommended fixes and contains one feature can now be installed. Category: recommended (moderate) Bug References: 1029961,1057592,1156920,1160654,1177215,1178357,1181163,1181186,1181812,1182227,1183407,1183495,1188019,1189560,1192164,1192311,1192353,1194392,954329 CVE References: JIRA References: SLE-9750 Sources used: SUSE Linux Enterprise Realtime Extension 15-SP2 (src): wicked-0.6.68-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c20 --- Comment #20 from Swamp Workflow Management <swamp@suse.de> --- SUSE-FU-2022:4343-1: An update that has 15 feature fixes and contains 7 features can now be installed. Category: feature (moderate) Bug References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954 CVE References: JIRA References: SLE-10249,SLE-17762,SLE-24286,SLE-24307,SLE-24310,SLE-25048,SLE-9492 Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): wicked-0.6.70-150100.3.27.2 SUSE Linux Enterprise Server 15-SP1-LTSS (src): wicked-0.6.70-150100.3.27.2 SUSE Linux Enterprise Server 15-SP1-BCL (src): wicked-0.6.70-150100.3.27.2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): wicked-0.6.70-150100.3.27.2 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): wicked-0.6.70-150100.3.27.2 SUSE Enterprise Storage 6 (src): wicked-0.6.70-150100.3.27.2 SUSE CaaS Platform 4.0 (src): wicked-0.6.70-150100.3.27.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c21 --- Comment #21 from Swamp Workflow Management <swamp@suse.de> --- SUSE-FU-2022:4340-1: An update that has 13 feature fixes and contains 5 features can now be installed. Category: feature (moderate) Bug References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 CVE References: JIRA References: SLE-10249,SLE-24307,SLE-24310,SLE-25048,SLE-9492 Sources used: openSUSE Leap 15.4 (src): wicked-0.6.70-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP4 (src): wicked-0.6.70-150400.3.3.1 SUSE Linux Enterprise Micro 5.3 (src): wicked-0.6.70-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c22 --- Comment #22 from Swamp Workflow Management <swamp@suse.de> --- SUSE-FU-2022:4344-1: An update that has 16 feature fixes and contains 7 features can now be installed. Category: feature (moderate) Bug References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,940239,988954 CVE References: JIRA References: SLE-10249,SLE-17762,SLE-24286,SLE-24307,SLE-24310,SLE-25048,SLE-9492 Sources used: SUSE Linux Enterprise Server 12-SP3-BCL (src): wicked-0.6.70-38.48.2 SUSE Linux Enterprise Server 12-SP2-BCL (src): wicked-0.6.70-38.48.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c23 --- Comment #23 from Swamp Workflow Management <swamp@suse.de> --- SUSE-FU-2022:4342-1: An update that has 15 feature fixes and contains 7 features can now be installed. Category: feature (moderate) Bug References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954 CVE References: JIRA References: SLE-10249,SLE-17762,SLE-24286,SLE-24307,SLE-24310,SLE-25048,SLE-9492 Sources used: SUSE Linux Enterprise Server 12-SP5 (src): wicked-0.6.70-3.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560 https://bugzilla.suse.com/show_bug.cgi?id=1189560#c24 --- Comment #24 from Swamp Workflow Management <swamp@suse.de> --- SUSE-FU-2022:4341-1: An update that has 15 feature fixes and contains 7 features can now be installed. Category: feature (moderate) Bug References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954 CVE References: JIRA References: SLE-10249,SLE-17762,SLE-24286,SLE-24307,SLE-24310,SLE-25048,SLE-9492 Sources used: openSUSE Leap Micro 5.2 (src): wicked-0.6.70-150300.4.8.1 openSUSE Leap 15.3 (src): wicked-0.6.70-150300.4.8.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): wicked-0.6.70-150300.4.8.1 SUSE Linux Enterprise Micro 5.2 (src): wicked-0.6.70-150300.4.8.1 SUSE Linux Enterprise Micro 5.1 (src): wicked-0.6.70-150300.4.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com