[Bug 230042] New: SUSE firewall doesn't save settings
https://bugzilla.novell.com/show_bug.cgi?id=230042

           Summary: SUSE firewall doesn't save settings
           Product: openSUSE 10.2
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
        AssignedTo: security-team@suse.de
        ReportedBy: felix.rommel@web.de
         QAContact: qa@suse.de

If you configure the SUSE firewall in YaST and enter some ports which you want to open or set IP protocols which are allowed, YaST doesn't save these values.

How to reproduce:
1. Open in YaST the SUSE firewall configuration tool.
2. Enter some ports in "Allowed services" which you want to open in "external zone", for example UDP 10000 and UDP 500 and enter an IP protocol like "esp".
3. Now click on the continue button.
4. The following overview page won't show the entered ports and protocol.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

meissner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |security-team@suse.de
         AssignedTo|security-team@suse.de       |locilka@novell.com

------- Comment #1 from meissner@novell.com 2007-01-08 06:52 MST -------
-> yast maintainer

locilka@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
      Info Provider|                            |felix.rommel@web.de

------- Comment #2 from locilka@novell.com 2007-01-08 07:09 MST -------
Trying to reproduce:

1.) Opening YaST Firewall

2.) Clicking [Next] to see the current configuration

    External Zone
    -------------
    Open Services, Ports, and Protocols
    * DNS Server
    * NFS Client
    * NFS Server
    * Remote Administration
    * SSH

3.) Clicking [Back]

4.) Clicking on Allowed Services, [Advanced] button

5.) Adding UDP Ports: "10000 500", IP Protocols: "esp"

6.) Clicking [OK]

    /var/log/YaST2/y2log says:

    2007-01-08 15:02:57 <1> miracle(27850) [YCP] SuSEFirewall.ycp:2351 Adding additional services ["10000", "500"]/UDP into zone EXT
    2007-01-08 15:02:57 <1> miracle(27850) [YCP] PortRanges.ycp:377 Joining list of ranges []
    2007-01-08 15:02:57 <1> miracle(27850) [YCP] PortRanges.ycp:487 Result of joining: []
    2007-01-08 15:02:57 <1> miracle(27850) [YCP] SuSEFirewall.ycp:2351 Adding additional services ["esp"]/IP into zone EXT
    2007-01-08 15:02:57 <1> miracle(27850) [YCP] PortRanges.ycp:312 Protocol IP doesn't support port ranges, skipping...

    (no error)

7.) Clicking [Next] to see the changed configuration overview:

    External Zone
    -------------
    Open Services, Ports, and Protocols
    * DNS Server
    * NFS Client
    * NFS Server
    * Remote Administration
    * SSH
    * UDP Ports: 10000, 500
    * IP Protocols: esp

8.) Conclusion: Cannot duplicate, requested ports are added.
    (Checked also in the configuration file /etc/sysconfig/SuSEfirewall2)

So, please, if you can duplicate the problem by yourself, finish the firewall configuration by clicking on the Accept button and attach files /var/log/YaST/y2log and /etc/sysconfig/SuSEfirewall2 after it is done.

Thanks

------- Comment #3 from felix.rommel@web.de 2007-01-09 09:53 MST -------
Ok, I checked /etc/sysconfig/SuSEfirewall2 and the settings ARE saved. Nevertheless the settings are not shown in YaST Firewall config tool - see attached screenshots.

------- Comment #4 from felix.rommel@web.de 2007-01-09 09:54 MST -------
Created an attachment (id=112039)
 --> (https://bugzilla.novell.com/attachment.cgi?id=112039&action=view)
step 1: enter settings

------- Comment #5 from felix.rommel@web.de 2007-01-09 09:55 MST -------
Created an attachment (id=112040)
 --> (https://bugzilla.novell.com/attachment.cgi?id=112040&action=view)
step 2: click next, settings are not shown

------- Comment #6 from felix.rommel@web.de 2007-01-09 09:56 MST -------
Created an attachment (id=112041)
 --> (https://bugzilla.novell.com/attachment.cgi?id=112041&action=view)
step 3: start the YaST firewall config tool again and settings are not shown

------- Comment #7 from locilka@novell.com 2007-01-10 02:05 MST -------
I see, this is strange, but ...

Could you, please, attach your /var/log/YaST/ directory (a tar/gzip whatever) and your /etc/sysconfig/SuSEfirewall2 as mentioned in comment #2? I can't do anything without them because, as you can see, I was unable to duplicate the error.

Thanks

------- Comment #8 from felix.rommel@web.de 2007-01-10 06:34 MST -------
Created an attachment (id=112207)
 --> (https://bugzilla.novell.com/attachment.cgi?id=112207&action=view)
complete YaST2 log directory

------- Comment #9 from felix.rommel@web.de 2007-01-10 06:36 MST -------
Created an attachment (id=112208)
 --> (https://bugzilla.novell.com/attachment.cgi?id=112208&action=view)
/etc/sysconfig/SuSEfirewall2

locilka@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Enhancement
             Status|NEEDINFO                    |ASSIGNED
          Component|Security                    |YaST2
      Info Provider|felix.rommel@web.de         |
         OS/Version|Other                       |Linux
            Product|openSUSE 10.2               |openSUSE 10.3
            Summary|SUSE firewall doesn't save  |SUSE firewall should show more detailed summary
                   |settings                    |(on request)
            Version|Final                       |Alpha 1

------- Comment #10 from locilka@novell.com 2007-01-17 00:46 MST -------
I see. Actually, firewall saves the configuration as it has been entered but port 500 and protocol esp are already allowed by service IPsec.

    /* IPsec definition */
    "ipsec" : $[
        "name" : _("IPsec"),
        "udp_ports" : [ "isakmp", "ipsec-nat-t" ],
        "ip_protocols" : [ "esp" ],
    ],

According to /etc/services isakmp is port 500.

It would be nice if firewall could show a detailed summary which ports are actually open (by services) and which service opens which ports (and protocols...)
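
[Added example, not part of the bug thread and not YaST code.] The overlap described in comment #10 can be checked mechanically: the sketch below builds a "which entry opens which port" summary from the quoted IPsec definition and the reporter's custom entries. It assumes IPsec is an enabled service and uses a constructed two-line excerpt of /etc/services; the function names are hypothetical.

```python
# Added example: not YaST code. Port numbers are a constructed excerpt of
# /etc/services (isakmp = 500 is stated in the thread; 4500 is the IANA value).
SERVICES_UDP = {"isakmp": 500, "ipsec-nat-t": 4500}

# The "ipsec" definition quoted in comment #10, transcribed to a Python dict.
SERVICE_DEFS = {
    "IPsec": {"udp_ports": ["isakmp", "ipsec-nat-t"], "ip_protocols": ["esp"]},
}


def resolve_port(token):
    """Turn '500' or 'isakmp' into a numeric port; unknown names are an error."""
    if token.isdigit():
        return int(token)
    if token not in SERVICES_UDP:
        raise ValueError(f"unknown service name: {token!r}")
    return SERVICES_UDP[token]


def detailed_summary(enabled_services, custom_udp, custom_ip):
    """Map each open (kind, value) to the list of entries that open it."""
    opened = {}
    for svc in enabled_services:
        definition = SERVICE_DEFS[svc]
        for port in definition["udp_ports"]:
            opened.setdefault(("udp", resolve_port(port)), []).append(svc)
        for proto in definition["ip_protocols"]:
            opened.setdefault(("ip", proto), []).append(svc)
    for port in custom_udp:
        opened.setdefault(("udp", resolve_port(port)), []).append("custom")
    for proto in custom_ip:
        opened.setdefault(("ip", proto), []).append("custom")
    return opened


def redundant_custom_entries(summary):
    """Custom entries that an enabled service already opens."""
    return sorted(k for k, who in summary.items() if "custom" in who and len(who) > 1)


if __name__ == "__main__":
    # Values entered by the reporter, with IPsec assumed to be enabled.
    summary = detailed_summary(["IPsec"], ["10000", "500"], ["esp"])
    for (kind, value), who in sorted(summary.items()):
        print(f"{kind:>3} {value!s:<6} opened by: {', '.join(who)}")
    print("already covered by a service:", redundant_custom_entries(summary))
```

The same listing is useful when auditing /etc/sysconfig/SuSEfirewall2: a port that appears only under a service name is still open, even if no custom entry mentions it.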

locilka@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

------- Comment #11 from locilka@novell.com 2007-04-02 05:39 MST -------
This comes from the firewall .changes file:

- Show firewall summary details on request (#230042).
- yast2-firewall-2.15.4