Re: [oS-en] Another SuSEfirewall2 to firewall conversion.

30 Apr 2023

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

El 2023-04-30 a las 14:31 +0200, Carlos E. R. escribió:

I can confirm that the conversion has to be run twice: the first time 
doesn't work.

The command sequence, as documented, is:

   susefirewall2-to-firewalld
   susefirewall2-to-firewalld -c
   firewall-cmd --list-all-zones
   firewall-cmd --runtime-to-permanent

The end of the sequence:

   ...
   Telcontar:/etc/firewalld # time firewall-cmd --runtime-to-permanent 2>&1 | tee susefirewall2-to-firewalld_4.txt
   success

   real    0m0.330s
   user    0m0.217s
   sys     0m0.016s
   Telcontar:/etc/firewalld # l
   total 228
   drwxr-x---   8 root root  4096 Apr 30 15:20 ./
   drwxr-xr-x 242 root root 16384 Apr 14 22:57 ../
   -rw-r--r--   1 root root   153 Apr 30 15:20 direct.xml
   -rw-------   1 root root  2745 Apr 30 14:40 firewalld.conf
   -rw-------   1 root root  2745 Apr 30 11:49 firewalld.conf.old
   drwxr-x---   2 root root  4096 Feb 20 06:17 helpers/
   drwxr-x---   2 root root  4096 Feb 20 06:17 icmptypes/
   drwxr-x---   2 root root  4096 Feb 20 06:17 ipsets/
   -rw-r--r--   1 root root   268 Apr 30 15:20 lockdown-whitelist.xml
   -rw-r--r--   1 root root   268 Feb 20 06:17 lockdown-whitelist.xml.old
   drwxr-x---   2 root root  4096 Apr 30 15:20 policies/
   drwxr-x---   2 root root  4096 Feb 20 06:17 services/
   -rw-r--r--   1 root root 59764 Apr 30 14:32 susefirewall2-to-firewalld_2.3.txt
   -rw-r--r--   1 root root 90583 Apr 30 14:40 susefirewall2-to-firewalld_2.4.txt
   -rw-r--r--   1 root root  2581 Apr 30 15:19 susefirewall2-to-firewalld_3.4.txt
   -rw-r--r--   1 root root     8 Apr 30 15:20 susefirewall2-to-firewalld_4.txt
   drwxr-x---   2 root root  4096 Apr 30 15:20 zones/
   Telcontar:/etc/firewalld # ls -ltr zones/
   total 48
   -rw-r--r-- 1 root root 358 Mar 22  2020 external.xml.old
   -rw-r--r-- 1 root root 293 Apr 30 15:20 dmz.xml
   -rw-r--r-- 1 root root 299 Apr 30 15:20 block.xml
   -rw-r--r-- 1 root root 291 Apr 30 15:20 drop.xml
   -rw-r--r-- 1 root root 191 Apr 30 15:20 docker.xml
   -rw-r--r-- 1 root root 442 Apr 30 15:20 internal.xml
   -rw-r--r-- 1 root root 369 Apr 30 15:20 home.xml
   -rw-r--r-- 1 root root 389 Apr 30 15:20 external.xml
   -rw-r--r-- 1 root root 311 Apr 30 15:20 work.xml
   -rw-r--r-- 1 root root 162 Apr 30 15:20 trusted.xml
   -rw-r--r-- 1 root root 315 Apr 30 15:20 public.xml
   -rw-r--r-- 1 root root 726 Apr 30 15:20 nm-shared.xml
   Telcontar:/etc/firewalld #

Notice the size of the external.xml file, too small.
Then I run the sequence again:

susefirewall2-to-firewalld
susefirewall2-to-firewalld -c
firewall-cmd --list-all-zones
firewall-cmd --runtime-to-permanent

Capture of the end of the sequence:

   ...
   Telcontar:/etc/firewalld # time firewall-cmd --runtime-to-permanent 2>&1 | tee susefirewall2-to-firewalld_14.txt
   success

   real    0m0.406s
   user    0m0.211s
   sys     0m0.016s
   Telcontar:/etc/firewalld # ls -ltr zones/
   total 124
   -rw-r--r-- 1 root root   293 Apr 30 15:20 dmz.xml.old
   -rw-r--r-- 1 root root   299 Apr 30 15:20 block.xml.old
   -rw-r--r-- 1 root root   291 Apr 30 15:20 drop.xml.old
   -rw-r--r-- 1 root root   191 Apr 30 15:20 docker.xml.old
   -rw-r--r-- 1 root root   442 Apr 30 15:20 internal.xml.old
   -rw-r--r-- 1 root root   369 Apr 30 15:20 home.xml.old
   -rw-r--r-- 1 root root   389 Apr 30 15:20 external.xml.old
   -rw-r--r-- 1 root root   311 Apr 30 15:20 work.xml.old
   -rw-r--r-- 1 root root   162 Apr 30 15:20 trusted.xml.old
   -rw-r--r-- 1 root root   315 Apr 30 15:20 public.xml.old
   -rw-r--r-- 1 root root   726 Apr 30 15:20 nm-shared.xml.old
   -rw-r--r-- 1 root root   291 Apr 30 18:16 drop.xml
   -rw-r--r-- 1 root root   191 Apr 30 18:16 docker.xml
   -rw-r--r-- 1 root root  2136 Apr 30 18:16 dmz.xml
   -rw-r--r-- 1 root root   299 Apr 30 18:16 block.xml
   -rw-r--r-- 1 root root 22034 Apr 30 18:16 external.xml
   -rw-r--r-- 1 root root   369 Apr 30 18:16 home.xml
   -rw-r--r-- 1 root root   315 Apr 30 18:16 public.xml
   -rw-r--r-- 1 root root   726 Apr 30 18:16 nm-shared.xml
   -rw-r--r-- 1 root root 19772 Apr 30 18:16 internal.xml
   -rw-r--r-- 1 root root   311 Apr 30 18:16 work.xml
   -rw-r--r-- 1 root root   162 Apr 30 18:16 trusted.xml
   Telcontar:/etc/firewalld # less  zones/external.xml
   Telcontar:/etc/firewalld #

Notice that this second time the file is much bigger.

I have full the command sequence saved, if anyone wants it. 673 KB.

- -- 
Cheers,
        Carlos E. R.
        (from openSUSE 15.4 x86_64 at Telcontar)

-----BEGIN PGP SIGNATURE-----

iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZE6a3Bwccm9iaW4ubGlz
dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVmhsAniyypawEcJAMT/tc+1pG
o5rmhy17AJ0db6klwCC/Te9w+JOofFMCvjFxKQ==
=RCGK
-----END PGP SIGNATURE-----