[Bug 1188143] New: Firewall Zone-Interface association not applied with "Reload"
http://bugzilla.opensuse.org/show_bug.cgi?id=1188143 Bug ID: 1188143 Summary: Firewall Zone-Interface association not applied with "Reload" Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: x86-64 OS: openSUSE Leap 15.3 Status: NEW Severity: Minor Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers@suse.de Reporter: mail@georg-pfuetzenreuter.net QA Contact: jsrain@suse.com Found By: --- Blocker: --- Hi, this is a follow-up to my report in #yast. Steps to reproduce: -> Launch YaST2 firewall -> Under "Start-Up", set "After writing configuration:" to "Reload" -> Under "Interfaces", select an interface currently assigned to a zone -> Use "Change Zone" and select a different Zone from the dropdown menu -> Confirm with "OK" and choose "Accept" (F10) Expected behavior: The zone-interface association should be applied, since the CLI equivalent of the operation `firewall-cmd --zone=zoneA --remove-interface=eth0 --permanent` `firewall-cmd --zone=zoneB --add-interface=eth0 --permanent` `firewall-cmd --reload` works fine. Observed behavior: The zone-interface association is not being applied (as can be confirmed with `firewall-cmd --list-all-zones`). A manual restart of firewalld, or launching YaST2 firewall again and changing "After writing configuration:" to "Restart" is required. Possible fix: Adjust the program to reload firewalld using `firewall-cmd --reload` instead of using the reload feature of systemd. The systemd unit for firewalld specifies the reload action to send a SIGHUP to firewalld, which, from my observation, not always applies the changes. I am not sure if this is the actual cause of the issue, but it might be worth a try. :-) Cheers, Georg -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1188143 David Ka��erek <davidkacerek@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |davidkacerek@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com