[Bug 931152] New: During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 989145] New: document...

[Bug 931152] New: During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

older
[Bug 989084] The last kernel...

bugzilla_noreply＠novell.com

17 May 2015 17 May '15

01:05

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Bug ID: 931152 Summary: During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card Classification: openSUSE Product: openSUSE 12.3 Version: Final Hardware: x86-64 OS: openSUSE 12.3 Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: secure@aphofis.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I’ve have 4 x 12.3 Default Installations. 3 KDE 1 Gnome On inspection each and every PC showed the NIC as not being assigned to be in ANY Zone of the Suse2Firewall. You can easily identify this by watching the boot log from ESC during Start-up and you find that Suseefirewall doesn’t even start as such. In the unlikely event you cant validate this I'll do a fresh install for you and send you logs but sending you Yast Logs for any installation that is moths old, may yield little practice help due size and other extraneous issues. O.T Thanks for bashing out the Bug fixes and wow thanks for putting the graphical Bug numbers back on screen. A development project without public access to numbers as it has been for a few years when it disappeared off our screens....well I wont say the obvious but Hey, unreal work being done to fix bugs if the daily updates are any example -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 3.1 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠novell.com

18 May 18 May

07:47

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |astieger@suse.com Resolution|--- |WONTFIX --- Comment #1 from Andreas Stieger --- (In reply to Scott Couston from comment #0)

I’ve have 4 x 12.3 Default Installations. 3 KDE 1 Gnome On inspection each and every PC showed the NIC as not being assigned to be in ANY Zone of the Suse2Firewall. You can easily identify this by watching the boot log from ESC during Start-up and you find that Suseefirewall doesn’t even start as such.

In the unlikely event you cant validate this I'll do a fresh install for you and send you logs but sending you Yast Logs for any installation that is moths old, may yield little practice help due size and other extraneous issues.

Hello Scott, thanks for reporting. However we are not accepting security issue reports against 12.3 anymore as it has reached it's end of life: http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00003.html Please check if the problem still persists on 13.1, 13.2 or Tumbleweed. If so, please re-open this issue, updating the relevant product/version fields and adding any updated information. Thanks! -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

22 May 22 May

01:33

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |secure@aphofis.com Component|Security |Security Product|openSUSE 12.3 |openSUSE 13.1 Target Milestone|--- |Final OS|openSUSE 12.3 |openSUSE 13.2 --- Comment #2 from Scott Couston --- Apologies for version error. My earlier statement that susefirewall not being present as started and running in start-up log is incorrect but definately a default install assigns NO zone to the NIC -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

01:34

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX |--- --- Comment #3 from Scott Couston --- Version number in text should read 13.2 not 12.3...apologies -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

26 May 26 May

09:56

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEW Flags| |needinfo?(secure@aphofis.co | |m) --- Comment #4 from Andreas Stieger --- Please outline what you think is the security impact of not having a zone assigned? "Interfaces not explicitly configured as int, ext or dmz will be considered external." The secure default behaves as if the ext zone was assigned, applying all default rules. You can verify this by looking the configured iptables rules in such a system. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

09:59

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Security |Security Version|Final |13.2 Product|openSUSE 13.1 |openSUSE Distribution Target Milestone|Final |13.2 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

30 Jun 30 Jun

04:48

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 http://bugzilla.opensuse.org/show_bug.cgi?id=931152#c5 Scott Couston changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(secure@aphofis.co | |m) | --- Comment #5 from Scott Couston --- Sure I can see now that the absence of a zone has no impact on the previous default since 9.0 of assigning the default interface to the external zone. It is difficult sometimes to test the efficacy of the firewall for example an NFS client can be configured via the interface whether or not the 'open firewall' is ticked or not. Thanks -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

12 Aug 12 Aug

11:25

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 http://bugzilla.opensuse.org/show_bug.cgi?id=931152#c6 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #6 from Andreas Stieger --- Closing.. no zone implies external interface. Thanks for your concern. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15 Jul 15 Jul

10:50

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 http://bugzilla.opensuse.org/show_bug.cgi?id=931152#c7 Joachim Wagner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jwagner@computing.dcu.ie --- Comment #7 from Joachim Wagner --- Posts 2 and 9 of https://forums.opensuse.org/showthread.php/518486-In-Yast-no-zone-assigned-t... show that some users wrongly assume that the "No zone" is always closed, allowing only outgoing connections. If this zone is then used for the public network and the external zone for a more secure but still not fully trusted network, this opens up security issues. However, I don't think this is a big enough issue to change the software. Therefore, I submitted a documentation request as bug #989145 . -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

15:05

New subject: [Bug 931152] During Default Installation Suse Firewall does NOT Assign any ZONE to the Network Interface Card

http://bugzilla.opensuse.org/show_bug.cgi?id=931152 Aaron Burgemeister changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ab@suse.com, | |aburgemeister@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

2852

Age (days ago)

3277

Last active (days ago)

Download

9 comments

1 participants

tags

participants (1)

bugzilla_noreply＠novell.com