[Bug 808759] New: upgrade from 12.2 -> 12.3 -- SuSEFirewall2 *disabled*

[Bug 808759] New: upgrade from 12.2 -> 12.3 -- SuSEFirewall2 disabled

older
[Bug 870343] New: Artwork Glitch...

bugzilla_noreply＠novell.com

11 Mar 2013 11 Mar '13

19:09

https://bugzilla.novell.com/show_bug.cgi?id=808759 https://bugzilla.novell.com/show_bug.cgi?id=808759#c0 Summary: upgrade from 12.2 -> 12.3 -- SuSEFirewall2 *disabled* Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: jnelson-suse@jamponi.net QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 After upgrading from 12.2 to 12.3, I noticed that multiple services went from enabled to disabled, including *SuSEFirewall2* (a security concern). - SuSEFirewall2 - squid - irqbalance and possibly others. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

21 Mar 21 Mar

14:13

New subject: [Bug 808759] upgrade from 12.2 -> 12.3 -- SuSEFirewall2 *disabled*

https://bugzilla.novell.com/show_bug.cgi?id=808759 https://bugzilla.novell.com/show_bug.cgi?id=808759#c1 Jon Nelson changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com --- Comment #1 from Jon Nelson 2013-03-21 14:13:03 UTC --- This happened on all of the machines I upgraded. I really feel as though this is a security issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

7 Apr 7 Apr

12:33

New subject: [Bug 808759] upgrade from 12.2 -> 12.3 -- SuSEFirewall2 *disabled*

https://bugzilla.novell.com/show_bug.cgi?id=808759 https://bugzilla.novell.com/show_bug.cgi?id=808759#c2 Andreas Wolf changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |novell@chromanet.de --- Comment #2 from Andreas Wolf 2013-04-07 12:33:44 UTC --- Same here.

...

rcSuSEfirewall2 status rcSuSEfirewall2: no such service SuSEfirewall2

...

SuSEfirewall2 start SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ... SuSEfirewall2: using default zone 'ext' for interface tun0 SuSEfirewall2: Firewall customary rules loaded from /etc/sysconfig/scripts/SuSEfirewall2-custom SuSEfirewall2: Firewall rules successfully set

...

rcSuSEfirewall2 status rcSuSEfirewall2: no such service SuSEfirewall2

...

SuSEfirewall2 status ### iptables filter ### Chain INPUT (policy DROP 0 packets, 0 bytes) [...]

Workaround: chkconfig has no SuSEfirewall2_init or SuSEfirewall2_setup entries any more After enabling it anyway, rcSuSefirewall2 works again:

...

chkconfig SuSEfirewall2 on ln -s '/usr/lib/systemd/system/SuSEfirewall2.service' '/etc/systemd/system/SuSEfirewall2_setup.service' ln -s '/usr/lib/systemd/system/SuSEfirewall2.service' '/etc/systemd/system/multi-user.target.wants/SuSEfirewall2.service' ln -s '/usr/lib/systemd/system/SuSEfirewall2_init.service' '/etc/systemd/system/multi-user.target.wants/SuSEfirewall2_init.service'

...

rcSuSEfirewall2 status SuSEfirewall2.service - SuSEfirewall2 phase 2 Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled) Active: inactive (dead) CGroup: name=systemd:/system/SuSEfirewall2.service

...

rcSuSEfirewall2 start rcSuSEfirewall2 status SuSEfirewall2.service - SuSEfirewall2 phase 2 Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled) Active: active (exited) since Sun, 2013-04-07 14:17:31 CEST; 4s ago Process: 23534 ExecStart=/usr/sbin/SuSEfirewall2 boot_setup (code=exited, status=0/SUCCESS) CGroup: name=systemd:/system/SuSEfirewall2.service

Furthermore /usr/share/doc/packages/SuSEfirewall2/README 2.2. Manual configuration seems to be wrong:

...

chkconfig SuSEfirewall2_init on chkconfig SuSEfirewall2_setup on Failed to issue method call: No such file or directory

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:06

New subject: [Bug 808759] upgrade from 12.2 -> 12.3 -- SuSEFirewall2 *disabled*

https://bugzilla.novell.com/show_bug.cgi?id=808759 https://bugzilla.novell.com/show_bug.cgi?id=808759#c3 Christian Boltz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |suse-beta@cboltz.de Severity|Normal |Major --- Comment #3 from Christian Boltz 2013-04-07 16:06:13 CEST --- Silently disabling the firewall on upgrade is a major security problem IMHO. Jon, please open separate bugreports for the other services mentioned in comment #0 - I'm afraid they'll get lost otherwise. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.