Carlos E. R. wrote:
On 2023-05-02 13:54, Per Jessen wrote:
Per Jessen wrote:
Carlos E. R. wrote:
I have full the command sequence saved, if anyone wants it. 673 KB.
bugzilla might want to chew it over.
If you want, put your old sfw2 config up on paste.o.o or send it to me by email. I'll be happy to run the conversion here, that is what test systems are for.
I can confirm that the conversion only needs to be run once, the first> time works fine. :-)
You had to do multiple runs, because of errors.
Umm, no I didn't - I _did_ do multiple runs, with reboots in betweeen, to make sure I always started from the same point. There were no errors.
I frankly suspect some Heisenbug - I do not understand why I am suddenly no longer seeing "ZONE_CONFLICT: eth1" RT_TO_PERM_FAILED when trying to persist the firewall config.
I did do some minor changes to your config - see attached. They really are very minor, some even pointless because the migration ignores them anyway. (custom rules, extra interfaces)
I got internal.xml covering vmnet1 and vmnet8
Afaict, the migration script works with existing interfaces only, there was probably no reason to remove those vmnet interfaces. I got external.xml covering eth3, eth4, eth5 and eth6 :-)
I think the sfw2 migration script has ample room for improvement, but as a quick work-around, it seems to do the job.
It does the job, but on two machines I had to run the sequence twice.
Well, maybe something odd in your environment or perhaps the old fashioned - garbage in, garbage out. With those few changes I mentioned, the "single-pass" conversion is reproducable here, again and again. Also when I re-added your vmnet1 and vmnet8 and re-enabled the source-quench icmp. The conversion took 31 minutes though :-) -- Per Jessen, Zürich (20.4°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes