Feature changed by: Karl Cheng (qantas94heavy)
Feature #305147, revision 16
Title: Wizard mode for Network Card configuration (in YaST)
openSUSE-11.2: Rejected by Andreas Jaeger (a_jaeger)
reject date: 2009-08-11 15:36:00
reject reason: A desktop applet is the better solution, see Ludwig's
- openSUSE-11.4: Unconfirmed
+ openSUSE-11.4: Rejected by Karl Cheng (qantas94heavy)
+ reject reason: A desktop applet is the better solution, see Ludwig's
Requested by: Michal Zugec (mzugec)
Product Manager: Federico Lucifredi (flucifredi)
Project Manager: Christoph Thiel (cthiel1)
Technical Contact: Security Team (secteam)
Partner organization: openSUSE.org
(based on "Internet/Intranet with external Router" in suse-beta-e) It
seems some users don't know how to setup the SuSEfirewall correctly.
Especially, they don't know if they should setup a network card as
internal or external device. If a network card is found, YaST should
ask for its usage (local network or directly connected to the
internet?) - every user should know. With this information the firewall
setup can be done in a useful way.
See bugzilla https://bugzilla.novell.com/show_bug.cgi?id=67415
#1: Federico Lucifredi (flucifredi) (2009-01-26 20:34:01)
sounds reasonable. But how many multihomed systems do we find where the
user "does not know" ?
Besides, the security team's policy seems to be "lock everything, ask
questions later", so I am not sure they are willing to mollify the
firewall rules (for instance, open up Avahi by default, or other
default daemons) on a "local" interface.
Asking Marcus for insight. I am not sure on this one.
#2: T. J. Brumfield (enderandrew) (2009-06-13 02:33:51)
I'd contend that openSUSE and SLES/SLED should be treated differently
here. With SLES/SLED, I'd err more on the side of caution and security,
where as with openSUSE, I'd err more on the side of making the system
#3: Marcus Meissner (msmeissn) (2009-07-16 14:35:43)
What we have investigated, or better Ludwig has investigated, is a
Desktop Applet that can switch Firewall zones. See
(Since most user machines these days are laptops, who vary between
Perhaps this is more what is wanted?
#4: Andreas Jaeger (a_jaeger) (2009-08-11 15:35:28) (reply to #3)
I agree, let's push the applet instead.