[Bug 1084177] New: SuSEfirewall2 and firewalld conflicting each other
http://bugzilla.suse.com/show_bug.cgi?id=1084177 Bug ID: 1084177 Summary: SuSEfirewall2 and firewalld conflicting each other Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening@forge.provo.novell.com Reporter: mcepl@cepl.eu QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- I have installed LEAP 42.3 in my VM and then I have upgraded to Tumbleweed using https://en.opensuse.org/openSUSE:Tumbleweed_upgrade steps. The result was that I had both SuSEfirewall2 and firewalld installed, and they seem to fight each other. When I enabled and started firewalld (using either systemctl or Yast2, it did not make any difference) I ended up on the next reboot with firewalld enabled but dead. Only when I removed SuSEfirewall2, firewalld started to boot up properly (and so I can connect to VM via ssh ;)). Now I have firewalld-0.5.1-1.1.noarch, and I have removed SuSEfirewall2-3.6.378-1.1. I guess firewalld should somehow conflict other firewalls, shouldn't it? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
Weihua Du
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c1
--- Comment #1 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c2
--- Comment #2 from Matej Cepl
Can you please test whether there is a conflict when you enable only one of the firewall packages?
root# systemctl disable firewalld root# systemctl enable SuSEfirewall2
This should work for SuSEfirewall2, and the other way around for firewalld.
OK, I have reinstalled SuSEfirewall2, reproduced the problem, and when I run systemctl disable SuSEfirewall2 systemctl stop SuSEfirewall2 and then everything works (I don't know actually how to make SuSEfirewall2, not that it matters anymore). So, I would say that something wrong happened on the upgrade from LEAP to Tumbleweed, and I would say there is something with packaging. Why these two packages shouldn't conflict each other? Is there any possibility somebody would like to have both of these even installed? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c3
--- Comment #3 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c4
--- Comment #4 from Matej Cepl
In packaging we always try to avoid adding Conflicts as outlined here:
Well, I was thinking more in terms of https://fedoraproject.org/wiki/Packaging:Guidelines#Renaming.2FReplacing_Exi... (sorry, I don't know what's the OpenSUSE policy on this topic), which I believe is acceptable use of Conflicts/Obsoletes tags, but whatever you think is proper. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c5
--- Comment #5 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c6
--- Comment #6 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c7
--- Comment #7 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c8
--- Comment #8 from Matej Cepl
Could you please tell me whether you did an offline upgrade or an online upgrade to Tumbleweed that resulted in this firewall malfunction?
Online, just using zypper. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c9
--- Comment #9 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c10
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c11
Lukas Ocilka
YaST maintainers, I suspect that some mechanism in YaST caused the firewalld service to be enabled after the upgrade. firewalld is not enabled via systemd-presets.
Please, see comment #8: Online, just using zypper. Doesn't look like YaST is involved... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c12
--- Comment #12 from Matthias Gerstner
Please, see comment #8: Online, just using zypper.
Yes I am aware of that. But after the upgrade by using YaST it could have happened. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c13
--- Comment #13 from Matej Cepl
(In reply to locilka@suse.com from comment #11)
Please, see comment #8: Online, just using zypper.
Yes I am aware of that. But after the upgrade by using YaST it could have happened.
Actually, I am not even sure I have SuSEFirewall2-yast module installed. When I tried to check the state of firewall in Yast I have found only firewalld module (which was frozen; obviously, because firewalld itself was not running). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c14
--- Comment #14 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c15
--- Comment #15 from Matej Cepl
Did you have firewalld installed before upgrading to Tumbleweed? Because it wasn't even installed by way of the upgrade.
I am not certain, it is possible, but I cannot recall I would be doing anything significant with that Leap installation before upgrading to Tumbleweed. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c16
--- Comment #16 from Markos Chandras
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c17
--- Comment #17 from Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c19
--- Comment #19 from Michal Filka
Would it be possible for Yast2 to help a bit here by ensuring that SF2 is disabled/stopped as well? In order for firewalld to work properly, SF2 must be stopped (and disabled) to avoid systemd surprises.
yast cannot help here much bcs: 1) in this case upgrade was done using zypper 2) yast do not provide any UI for configuring firewall anymore Only what we can do is too tweak yast driven upgrade -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c20
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1084177
http://bugzilla.suse.com/show_bug.cgi?id=1084177#c21
--- Comment #21 from Matthias Gerstner
participants (1)
-
bugzilla_noreply@novell.com