Per Jessen wrote:
I guess you left out some bits of your config? I'll check back tomorrow, going to go and watch telly.
[snip]
I suspect you miss the macros.
tl;dr - conversion seems to go fine, albeit with minor hiccups and with no host-specific rules.

-------------

I have now installed firewall-macros. Fyi, I do see a comment in the process:

    INFO: SuSEfirewall2 is not installed. Will attempt to migrate only based on the old configuration file

Clearly nothing much to worry about.

I removed the ipv6 references and the non-existent vmnet interfaces. The first dry-run went fine.

Hmm, the commit run aborted with:

    Error: INVALID_SERVICE: h323hostcall
    FIREWALLD ERROR: Command 'firewall-cmd ' failed

Okay, removed. Re-running.

    Error: INVALID_PROTOCOL: _rpc_
    FIREWALLD ERROR: Command 'firewall-cmd ' failed

There is a comment in the config: "The special value _rpc_ is recognized as protocol", but that doesn't seem to work. Removing that too - you only have it for accepting NFS traffic on two ranges, 192.168.1.0/24 and 192.168.74/24. Should be easy to re-add manually.

Next run - went fine, completed in 9m41s.

    DEBUG: firewall-cmd --zone=external --remove-service=mdns
    DEBUG: firewall-cmd --zone=external --remove-service=sip
    DEBUG: firewall-cmd --zone=external --remove-service=slp
    DEBUG: firewall-cmd --zone=external --remove-port=427/tcp
    DEBUG: firewall-cmd --zone=external --remove-port=4664/tcp
    DEBUG: firewall-cmd --zone=external --remove-port=30000-30010/tcp
    DEBUG: firewall-cmd --zone=external --remove-port=427/udp
    DEBUG: firewall-cmd --zone=external --remove-port=4667/udp
    DEBUG: firewall-cmd --zone=external --remove-port=4674/udp
    DEBUG: firewall-cmd --zone=external --remove-port=5060-5100/udp
    DEBUG: firewall-cmd --zone=external --remove-interface=eth0
    DEBUG: firewall-cmd --zone=external --add-interface=eth0
    DEBUG: firewall-cmd --zone=external --add-port=30000-30010/tcp
    DEBUG: firewall-cmd --zone=external --add-port=4664/tcp
    DEBUG: firewall-cmd --zone=external --add-port=427/tcp
    DEBUG: firewall-cmd --zone=external --add-port=5060-5100/udp
    DEBUG: firewall-cmd --zone=external --add-port=427/udp
    DEBUG: firewall-cmd --zone=external --add-port=4674/udp
    DEBUG: firewall-cmd --zone=external --add-port=4667/udp
    DEBUG: firewall-cmd --zone=external --add-service=sip
    DEBUG: firewall-cmd --zone=external --add-service=mdns
    DEBUG: firewall-cmd --zone=external --add-service=slp

(the rest were all about icmp).

Listing the zones, looks good, but I notice a complete absence of your host-specific rules from FW_TRUSTED_NETS.

Next, I also noticed that no iptables rules were added at all - ah, I need to configure firewalld to use iptables :-)

-- 
Per Jessen, Zürich (13.2°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes