Hello,

On Mon, Jan 22, 2018 at 12:34:35PM +0200, Robert Munteanu wrote:
> Is there a plan or some guidance for packages that drop files in /etc/sysconfig/SuSEfirewall2.d/services/ ?
>
> $ ls -1 /etc/sysconfig/SuSEfirewall2.d/services/ | grep -v TEMPLATE | wc -l
> 33
With firewalld these files are no longer needed. Firewalld ships built-in service definitions which can be listed via

    $ firewall-cmd --get-services

You can get the definition of a single service like this

    $ firewall-cmd --info-service=samba-client

These service names can then be used for opening them in a certain zone:

    $ firewall-cmd --add-service=samba-client --zone=internal [--permanent]

You can also find the XML definitions of the services in /usr/lib/firewalld/services.

I think the SuSEfirewall2 service files should stay around until the migration to the new default firewall is complete. We can get rid of these files only after SuSEfirewall2 has been completely removed from openSUSE. It's inconvenient that these files are spread across many different packages, so it will probably take a while until they're all cleaned up.

If anybody thinks that a service definition is missing in firewalld then please tell me so we can see what to do about it. The correct way in such cases would probably be to contribute suitable files to firewalld upstream.

New firewalld services can also be added dynamically during runtime. Here is some upstream documentation on adding services:

http://www.firewalld.org/documentation/howto/add-a-service.html

So there's /etc/firewalld/services for custom services, but dropping service files into /usr/lib/firewalld/services also seems to be supported.

Should many additional service files be needed (which I hope not), then we could also think about introducing a separate package that holds all those custom service files. This would make maintaining them easier from the firewall perspective, but it adds some burden to packagers that need changes to them.

Regards

Matthias

-- 
Matthias Gerstner <matthias.gerstner@suse.de>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
https://www.suse.com/security
Telefon: +49 911 740 53 290
GPG Key ID: 0x14C405C971923553

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)
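For packagers who find no matching built-in service, the following sketch converts a SuSEfirewall2 service file into a firewalld service XML definition. It is an added example, not part of the original mail and not code from firewalld or SuSEfirewall2. The input layout (`## Name:`, `## Description:`, `TCP=""`, `UDP=""`), the sample content and the function names are assumptions; `RPC`, `IP` and `BROADCAST` entries are not translated.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the SuSEfirewall2 service-file layout (assumed format).
SAMPLE = '''\
## Name: Example Daemon
## Description: Opens ports for a hypothetical example daemon

TCP="8080 9000:9010 http"
UDP="5353"
BROADCAST=""
'''

def parse_sf2(text):
    """Return (name, description, {proto: [entries]}) from a SuSEfirewall2 service file."""
    meta = dict(re.findall(r'^## (Name|Description):[ \t]*(.*)$', text, re.M))
    ports = {}
    for key, value in re.findall(r'^(TCP|UDP)="([^"]*)"', text, re.M):
        ports[key.lower()] = value.split()
    return meta.get("Name", ""), meta.get("Description", ""), ports

def to_firewalld_xml(text):
    """Build a firewalld service XML string; also return entries that were skipped."""
    name, desc, ports = parse_sf2(text)
    svc = ET.Element("service")
    ET.SubElement(svc, "short").text = name
    ET.SubElement(svc, "description").text = desc
    skipped = []
    for proto, entries in ports.items():
        for entry in entries:
            # SuSEfirewall2 writes port ranges as "a:b"; firewalld uses "a-b".
            port = entry.replace(":", "-")
            if not re.fullmatch(r'\d+(-\d+)?', port):
                # Symbolic port name: do not guess a number, leave it for review.
                skipped.append(f"{proto}/{entry}")
                continue
            ET.SubElement(svc, "port", protocol=proto, port=port)
    if hasattr(ET, "indent"):  # pretty-printing is available from Python 3.9
        ET.indent(svc)
    return ET.tostring(svc, encoding="unicode"), skipped

if __name__ == "__main__":
    xml, skipped = to_firewalld_xml(SAMPLE)
    print('<?xml version="1.0" encoding="utf-8"?>')
    print(xml)
    print("needs manual review:", skipped)
```

The resulting XML would be saved as a file under /etc/firewalld/services, the location for custom services mentioned above. Review the opened ports before enabling the service in a zone, since a converted file carries over whatever the old definition exposed.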