Matthias Gerstner wrote:
On Thu, Jan 25, 2018 at 01:40:33PM +0100, Ludwig Nussel wrote:
Or just drop them and generate SuSEfirewall2 files based on the firewalld ones if needed. I suppose the information for most services can't be all that different. Just a collection of ports. Differences need to be looked at and resolved anyways. Anyone actively looking into that?
that could be possible. But I really wouldn't want to put more effort than necessary in keeping SuSEfirewall2 working in the migration phase. Experience with SuSEfirewall2 shows that some difficile corner case will break as a result and bugs start pouring in ;-)
I'm not quite sure what you mean with "differences need to be looked at anyways".
I mean whether all ports specified in the SuSEfirewall2 configs are correctly reflected in firewalld conflicts.
Just grep ARCHIVES.gz to see what service files exist in the distro, compare that to what firewalld offers and then create the missing ones.
Where do I find this ARCHIVES.gz?
http://download.opensuse.org/tumbleweed/repo/oss/
I can check the missing ones. And if they're needed anymore at all.
What is the benefit of centralizing that? Wouldn't the UI then display hundreds of entries rather than just offering what is actually on the system?
Well this is what firewalld more or less already does by shipping 119 service definitions with the default install.
The benefit would be that global changes to service files can be made in a single package. For example there was/is an issue that many service files for SuSEfirewall2 wrongly stated "RPC=portmap" instead of "RPC=portmapper". Fixing that requires a bunch of package updates that nobody really wants to go for.
1. file bugs 2. create an rpmlint check that fails the package after some weeks grace period 3. go ahead and fix the remaining packages yourself or file drop requests for no longer maintained ones.
But that doesn't mean I'm in strictly in favor for centralizing them. I'm just opening it up for discussion. Both approaches have their pros and cons. My hope is, as I initially said, that we won't need any additional service files at all.
A matter of how much we care about usability to justify the effort I guess. The centralized version is certainly cheaper to have. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org