Hi,
* Default firewall module picked for new installs is now firewalld
When will SuSEfirewall2 be migrated to the new firewalld?
tks,
...And what happens to users who are relying on SuSEfirewall2 with custom rules and settings?
Is/will the firewalld migration be mandatory/silent, or can it be decided by the user?
We're in the process of changing the default firewall from SuSEfirewall2
to firewalld for SLE-15 and openSUSE Leap 15. The YaST installer should
now be able to enable/disable firewalld and open/close the ssh port for
it.
The YaST firewall module will try to start the firewall-config X
application for configuring firewalld at the moment. There will be some
time without a YaST curses GUI for firewalld. firewalld comes with the
firewall-cmd command line tool for configuring it.
There will not be an automated migration path from an old SuSEfirewall2
configuration to a firewalld configuration. There is a package
"susefirewall2-to-firewalld" which contains a utility for converting
SuSEfirewall2 configurations to firewalld. It's only a supporting tool
that tries to do the right thing. But it requires manual interaction and
review of the resulting firewall rules.
SuSEfirewall2 can stay in Tumbleweed for the moment but there are no
plans to ship it as a legacy module in releases (at least not in
SLE-15). SuSEfirewall2 and firewalld can live side by side but the user
needs to take care that only one of them is active at any time.
For users that extensively use SuSEfirewall2 with custom rules etc.
I recommend carefully setting up new firewall rules using firewalld
command line or GUI utilities. firewalld allows passing raw iptables
rules and also so-called "rich rules" (proprietary simpler syntax
provided by firewalld). These can be used to add custom rules to
firewalld that are not otherwise covered by firewalld features.
Regards
Matthias
--
Matthias Gerstner
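
The reply above makes two practical points: only one of SuSEfirewall2 and firewalld may be active at a time, and custom rules can be carried over as rich rules or raw iptables rules. The script below is an added example, not part of the original thread or of either project; it checks the first point before doing the second. The systemd unit names, the 192.0.2.0/24 subnet and port 8443 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Unit names are assumptions about a
# systemd-based install; the subnet and port are constructed sample values.
FIREWALL_UNITS="SuSEfirewall2_init.service SuSEfirewall2.service firewalld.service"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"   # overridable so the logic can be tested

# Print each firewall unit that is currently active, one per line.
active_firewall_units() {
    for unit in $FIREWALL_UNITS; do
        if $SYSTEMCTL is-active --quiet "$unit"; then
            echo "$unit"
        fi
    done
}

# Print which firewall stack is live: SuSEfirewall2, firewalld, conflict or none.
firewall_state() {
    active=$(active_firewall_units)
    legacy=0; new=0
    case "$active" in *SuSEfirewall2*) legacy=1 ;; esac
    case "$active" in *firewalld.service*) new=1 ;; esac
    if [ "$legacy" -eq 1 ] && [ "$new" -eq 1 ]; then echo conflict
    elif [ "$new" -eq 1 ]; then echo firewalld
    elif [ "$legacy" -eq 1 ]; then echo SuSEfirewall2
    else echo none
    fi
}

# Build a rich rule that allows ssh only from the given IPv4 source network.
ssh_rich_rule() {
    printf 'rule family="ipv4" source address="%s" service name="ssh" accept' "$1"
}

# Only touch the firewall when explicitly asked to: ./script apply
if [ "${1:-}" = "apply" ]; then
    state=$(firewall_state)
    if [ "$state" != "firewalld" ]; then
        echo "refusing to add rules: firewall state is '$state'" >&2
        exit 1
    fi
    # Rich rule for a case the predefined services do not cover on their own.
    firewall-cmd --permanent --add-rich-rule="$(ssh_rich_rule 192.0.2.0/24)"
    # Raw iptables rule passed through firewalld's direct interface.
    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 \
        -p tcp --dport 8443 -j ACCEPT
    firewall-cmd --reload
fi
```

Run without arguments it changes nothing; review the permanent configuration with `firewall-cmd --permanent --list-all` after an `apply` run.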