http://bugzilla.opensuse.org/show_bug.cgi?id=1148560 Bug ID: 1148560 Summary: susefirewall2-to-firewalld handles iptables rule in /etc/sysconfig/scripts/SuSEfirewall2-custom wrongly Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: freek@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- The below shown iptables rule is in /etc/sysconfig/scripts/SuSEfirewall2-custom mentioned in /etc/sysconfig/SuSEfirewall2 I used parameter -d with command susefirewall2-to-firewalld to find the following output: DEBUG: iptables rule: -A INPUT -s 54.38.56.123/32 -j DROP INFO: RICH: Adding rich rule="rule family=ipv4 source address=54.38.56.123/32 accept" to zone="INPUT" DEBUG: ZONE="INPUT" RICH="rule family=ipv4 source address=54.38.56.123/32 accept" INFO: Enabling rich rule="rule family=ipv4 source address=54.38.56.123/32 accept" for zone="" DEBUG: Executing: firewall-cmd --zone= --add-rich-rule=rule family=ipv4 source address=54.38.56.123/32 accept DEBUG: firewall-cmd --zone= --add-rich-rule=rule family=ipv4 source address=54.38.56.123/32 accept The iptables rule: -A INPUT -s 54.38.56.123/32 -j DROP should result in firewall-cmd --zone= --add-rich-rule='rule family=ipv4 source address=54.38.56.123/32 drop' Note accept instead of drop; quite the opposite of what should be the result. -- You are receiving this mail because: You are on the CC list for the bug.