On Friday, 4 March 2016 16.27:31 h CET Dominique Leuenberger / DimStar wrote:
On Fri, 2016-03-04 at 16:15 +0100, Mathias Homann wrote:
... on 13.2 I'm using firewalld and NetworkManager on my laptop and it works fine.
I should have been more explicit: NetworkManager-gnome (the UI frontend) has been patched to not offer the FW integration pieces in the UI.
NM together with firewalld will work just fine, but getting rid of the patch will actually mean that NM can CONTROL firewalld, including putting different firewall rules on different configured networks. So you can, for example, set your home wifi as more trusted than an airport wifi, disable the FW rules at home but shield off completely at the airport. Up to you to decide what you want to do in the office: do you trust your co-workers? (hint: most corporate attacks are registered from inside the network)
As for SFW2, how about we'll set up dependencies and conflicts in the packages?
A bit harsh to not even allow to parallel install them. They should conflict at runtime, I agree, but installing them in parallel should be fine, so that one can switch between one and another.
Wicked would require SuSEfirewall2, wicked would conflict with NM, NM would require firewalld and firewalld would conflict with SFW2... That way (if I'm not totally off here) it should work fine either way.
Same as above: using yast it is very convenient to switch between NM or wicked. Disallowing parallel install means you can't 'toggle' them if you don't have a network connection and can't get to the repo for getting 'the other implementation' (or any other package source)
Most of the time we see people switch when 'one does not work' (whichever, it's usually the first step in debugging)
This topic will need some more work / thoughts, but I'm sure we're on the right path.
Also keep in mind that a rule-conversion script has already been announced, that will bring your SFW2 rules over to firewalld.
Cheers, Dominique
Actually there's already a bug in Yast2: if you opened network, it insists on having SuSEfirewall2. Dude, I don't need it, I'm using Shorewall :-)
We don't have to force a binary choice on end users. Only on recommend level would be correct.
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot