I'm not sure if this should be reported as a bug, or if there is a fix in place or if it is even necessary, but with all of my Tumbleweed upgrades, the Firewalld module was added in Yast but the Firewalld service was not active/ enabled and the SuSEFirewall2 was still active/enabled. Not a big deal for a user to make the fix, so long as they are informed. I added a Troubleshoot section to the wiki concerning this issue. https://en.opensuse.org/Firewalld Cheers, -- Nathan Wolf On Tuesday, 30 January 2018 16:31:15 EST Darin Perusich wrote:
On Tue, Jan 30, 2018 at 12:38 PM, Matthias Gerstner <mgerstner@suse.de> wrote:
Hi!
I mean whether all ports specified in the SuSEfirewall2 configs are correctly reflected in firewalld configs
I can check the missing ones. And if they're needed anymore at all.
I did check all packages that ship service files. There are about 25 packages that don't have matching service definitions in the firewalld installation. I will take care of opening bugs for them regarding the migration.
An issue is that in SuSEfirewall2 we have some cases of "grouped" service definitions like courier-imap which contains all of imap, imaps, pop3 and pop3s. In firewalld there are no such groups, there are just the individual imap, imaps, pop3 and pop3s services. The question is whether we should continue having such groups or rather deal with the individual service protocols. Any opinions on this?
On another matter: For SLE-15 it was decided to completely drop SuSEfirewall2 so it won't be available as a legacy package or anything. Should we take the same approach for Leap-15?
When we start removing SuSEfirewall2 service files from packages then SuSEfirewall2 will stop functioning correctly on Tumbleweed and ultimately on Leap-15. There would still be the possiblity to basically support SuSEfirewall2 for a while before it is completely dropped.
I've been following this thread halfheartedly but seeing that SuSEfirewall2 is being completely replaced by firewalld, are there plans to implement "everything" that SuSEfirewall2 did under the hood, with firewalld or other mechanisms? I liked how SF2 created the LOG rules for each services enabled and would hate to see it go away. How about the more obscure things like loading kernel modules when FW_KERNEL_SECURITY or FW_LOAD_MODULES are set. What about "yast firewall", will this be ported? I'm sure there are more, but these are the few that come to mind.
Thanks!
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org