[Bug 899330] New: Interfaces does not automatically show up in firewall with NetworkManager
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Bug ID: 899330 Summary: Interfaces does not automatically show up in firewall with NetworkManager Classification: openSUSE Product: openSUSE Factory Version: 201408* Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: razirazo_90@live.com.my QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- When using NetworkManager, network interfaces does not listed in firewall. I have to manually configure it using Wicked Service first, to make it registered in firewall. And then use networkManager back. This is troublesome, for example when setting up internet sharing you can't proceed to zone assign and Network masquerade until you do the step above. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Carlos Bessa <carlos.bessa@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carlos.bessa@gmail.com --- Comment #1 from Carlos Bessa <carlos.bessa@gmail.com> --- (In reply to razi zulkepli from comment #0)
When using NetworkManager, network interfaces does not listed in firewall.
I have to manually configure it using Wicked Service first, to make it registered in firewall. And then use networkManager back.
This is troublesome, for example when setting up internet sharing you can't proceed to zone assign and Network masquerade until you do the step above.
I can also confirm this. One has to configure it manually in Wicked Service and then go back to networkmanager for the devices to appear in the firewall. If I recall correctly in desktops the wicked service is used by default (at least it was the case for ifup) so that won't be a problem. But for laptops the default is network manager so users will be unprotected. The firewall is turned on by default so I never crossed my mind to look it up, until I wanted the change the firewall zone for a particular network device. regards, Carlos -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Bernhard Wiedemann <bwiedemann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bwiedemann@suse.com --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> --- Is this yast2 firewall that you use or are you directly editing /etc/sysconfig/SuSEfirewall2* ? or does NetworkManager have its own? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Bernhard Wiedemann <bwiedemann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jreidinger@suse.com Component|Network |GNOME Assignee|bnc-team-screening@forge.pr |bnc-team-gnome@forge.provo. |ovo.novell.com |novell.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 David Liang <dliang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dliang@suse.com, | |rlmu@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Camilo Castillo <c.castillo.cast@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |c.castillo.cast@gmail.com --- Comment #4 from Camilo Castillo <c.castillo.cast@gmail.com> --- It looks like this problem is still around in 13.2 Made a bug report here: https://bugzilla.opensuse.org/show_bug.cgi?id=929455 It looks like the same problem to me. Mine is the duplicate report -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Code Struct <codestruct@posteo.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |codestruct@posteo.org -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 http://bugzilla.opensuse.org/show_bug.cgi?id=899330#c6 Dominique Leuenberger <dimstar@opensuse.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dimstar@opensuse.org Component|GNOME |YaST2 Version|201408* |Current Assignee|bnc-team-gnome@forge.provo. |yast2-maintainers@suse.de |novell.com | QA Contact|qa-bugs@suse.de |jsrain@suse.com Flags|needinfo?(razirazo_90@live. | |com.my) | --- Comment #6 from Dominique Leuenberger <dimstar@opensuse.org> --- (In reply to Bernhard Wiedemann from comment #2)
Is this yast2 firewall that you use or are you directly editing /etc/sysconfig/SuSEfirewall2* ?
or does NetworkManager have its own?
Reprduced here - YaST Firewall module sees no interfaces when NM is being used (NM *can* work with firewalld, but that's by a long shot not default in openSUSE) This seems more a YaST issue than NetworkManager => reassigning -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Simcha Lerner <syl-novell-mji@sufrin.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium CC| |syl-novell-mji@sufrin.org -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 http://bugzilla.opensuse.org/show_bug.cgi?id=899330#c7 Simcha Lerner <syl-novell-mji@sufrin.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED --- Comment #7 from Simcha Lerner <syl-novell-mji@sufrin.org> --- As of 2017-07-24 this is still an issue. In addition to interfaces not showing up in Yast Firewall, postfix mail fails to initialize with a "fatal: parameter inet_interfaces: no local interface found for ::1" error. This is a security issue and should be dealt with sooner rather than later. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=899330 http://bugzilla.opensuse.org/show_bug.cgi?id=899330#c12 Andrei Borzenkov <arvidjaar@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |arvidjaar@gmail.com --- Comment #12 from Andrei Borzenkov <arvidjaar@gmail.com> --- (In reply to Imobach Gonzalez Sosa from comment #9)
I am sorry, but the original bug, as Knut commented, was open against openSUSE 13 and the situation has changed quite a lot. Now firewalld is the firewall solution to go and it is the only supported solution by YaST. This problem does not happen in that case,
of course it does. YaST2 firewall module only shows interfaces for which wicked configuration exists. This is hidden by the fact that installer creates both wicked ifcfg and NM connection profile for interface used during installation so it /looks/ like it works. But any interface that does not have wicked configuration is "invisible" to YaST firewall module. As NetworkManager is now default and wicked is not even installed this is no more "enhancement" but a real bug. Reproduced on TW 20220603. See also https://forums.opensuse.org/showthread.php/570803-Yast-firewall-doesn-t-resp... -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com