[Bug 1189560] New: firewalld forgets wicked zone assignment on service restart
https://bugzilla.suse.com/show_bug.cgi?id=1189560 Bug ID: 1189560 Summary: firewalld forgets wicked zone assignment on service restart Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: mrostecki@suse.com Reporter: fvogt@suse.com QA Contact: qa-bugs@suse.de CC: rfrohl@suse.com, wicked-maintainers@suse.de Found By: --- Blocker: --- When the system boots, wicked's firewalld extension mechanism informs firewalld about the configured interfaces and assignes them to the configured zones: localhost:~ # firewall-cmd --list-interfaces ens3 This is kept after a reload: localhost:~ # firewall-cmd --reload success localhost:~ # firewall-cmd --list-interfaces ens3 But not after a restart: localhost:~ # rcfirewalld restart localhost:~ # firewall-cmd --list-interfaces You're performing an operation over default zone ('public'), but your connections/interfaces are in zone 'docker' (see --get-active-zones) You most likely need to use --zone=docker option. This seems very fragile and hits openQA which (for some reason, probably a bad one) disables the firewall temporarily in some tests. Maybe wicked should save the zone assignments in the permanent config? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c4
--- Comment #4 from Micha�� Rostecki
https://bugzilla.suse.com/show_bug.cgi?id=1189560
Micha�� Rostecki
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c5
Fabian Vogt
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c12
--- Comment #12 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c13
--- Comment #13 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c14
--- Comment #14 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c15
--- Comment #15 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c16
Marius Tomaschewski
@Marius: regarding the last comment, would you recommend also not using FIREWALL=yes in general, by default and rather switch to /etc/firewalld/zones? The thing is that FIREWALL=yes is used by default on all fresh openSUSE installations.
Well, it's a very old default in sysconfig and yast2 (setting the ZONE) AFAIR and I fear it requires a jira feature request to change the default behavior...
Submissions with wicked-0.6.68 (0.6.67 containing it) have been accepted to all supported product code streams. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c17
--- Comment #17 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c18
--- Comment #18 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c19
--- Comment #19 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c20
--- Comment #20 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c21
--- Comment #21 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c22
--- Comment #22 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c23
--- Comment #23 from Swamp Workflow Management
https://bugzilla.suse.com/show_bug.cgi?id=1189560
https://bugzilla.suse.com/show_bug.cgi?id=1189560#c24
--- Comment #24 from Swamp Workflow Management
participants (1)
-
bugzilla_noreply@suse.com