http://bugzilla.suse.com/show_bug.cgi?id=1084177 Weihua Du changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |whdu@suse.com Assignee|bnc-team-screening@forge.pr |matthias.gerstner@suse.com |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c2 --- Comment #2 from Matej Cepl --- (In reply to Matthias Gerstner from comment #1)

Can you please test whether there is a conflict when you enable only one of the firewall packages?

root# systemctl disable firewalld root# systemctl enable SuSEfirewall2

This should work for SuSEfirewall2, and the other way around for firewalld.

OK, I have reinstalled SuSEfirewall2, reproduced the problem, and when I run systemctl disable SuSEfirewall2 systemctl stop SuSEfirewall2 and then everything works (I don't know actually how to make SuSEfirewall2, not that it matters anymore). So, I would say that something wrong happened on the upgrade from LEAP to Tumbleweed, and I would say there is something with packaging. Why these two packages shouldn't conflict each other? Is there any possibility somebody would like to have both of these even installed? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 Matthias Gerstner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c5 --- Comment #5 from Matthias Gerstner --- After looking a bit into this it will become a Conflict: after all I think. Modelling it on systemd service unit level could lead to an undefined result. Strictly speaking SuSEfirewall2 is not replaced by firewalld, just the default firewall changed. Users that want to use SuSEfirewall2 on Tumbleweed are still able to do so. At the moment allowing both packages to be installed could ease the migration. Since we want to avoid trouble after upgrading to Tumbleweed the Conflict: still seems the easiest solution. I will try that approach and hope that nothing else breaks by this. In the end SuSEfirewall2 will probably be deleted from openSUSE:Factory but at the moment I want to keep both available until the integration of YaST with firewalld is complete and stable. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c7 --- Comment #7 from Matthias Gerstner --- Could you please tell me whether you did an offline upgrade or an online upgrade to Tumbleweed that resulted in this firewall malfunction? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c9 --- Comment #9 from Matthias Gerstner --- Thank you for the information. As I feared in the beginning, the Conflict is now causing troubles for other users. See bug 1085260. A couple of issues around the migration path have been uncovered. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c10 Matthias Gerstner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yast2-maintainers@suse.de Flags| |needinfo?(yast2-maintainers | |@suse.de) --- Comment #10 from Matthias Gerstner --- YaST maintainers, I suspect that some mechanism in YaST caused the firewalld service to be enabled after the upgrade. firewalld is not enabled via systemd-presets. The situation that both firewalls are enabled automatically during upgrades needs to be avoided. Can you add some logic to yast2-firewall or other involved packages that makes sure that SuSEfirewall2 is disabled (if applicable) before firewalld is enabled? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c12 --- Comment #12 from Matthias Gerstner --- (In reply to locilka@suse.com from comment #11)

Please, see comment #8: Online, just using zypper.

Yes I am aware of that. But after the upgrade by using YaST it could have happened. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c14 --- Comment #14 from Matthias Gerstner --- Well I tried an upgrade from Leap 42.3 to Tumbleweed now and couldn't find any situation that could result both firewalls being enabled implicitly. Did you have firewalld installed before upgrading to Tumbleweed? Because it wasn't even installed by way of the upgrade. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c16 --- Comment #16 from Markos Chandras --- Would it be possible for Yast2 to help a bit here by ensuring that SF2 is disabled/stopped as well? In order for firewalld to work properly, SF2 must be stopped (and disabled) to avoid systemd surprises. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c19 --- Comment #19 from Michal Filka --- (In reply to Markos Chandras from comment #16)

Would it be possible for Yast2 to help a bit here by ensuring that SF2 is disabled/stopped as well? In order for firewalld to work properly, SF2 must be stopped (and disabled) to avoid systemd surprises.

yast cannot help here much bcs: 1) in this case upgrade was done using zypper 2) yast do not provide any UI for configuring firewall anymore Only what we can do is too tweak yast driven upgrade -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1084177 http://bugzilla.suse.com/show_bug.cgi?id=1084177#c21 --- Comment #21 from Matthias Gerstner --- Please also see bug 1085260 for more details on the issue. -- You are receiving this mail because: You are on the CC list for the bug.