On Montag 2023-07-17 13:30, Paul Neuwirth via openSUSE Users wrote:
Chain reject_func (0 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
and I noticed, that SuSEfirewall2.service was not disabled, but failed at boot. As it was never running, I always assumed it was disabled. now explicitely disabled SuSEfirewall2.service and SuSEfirewall2_init.service
# systemctl status SuSEfirewall2.service × SuSEfirewall2.service - SuSEfirewall2 phase 2 Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2023-07-17 12:21:56 CEST; 1h 5min ago Main PID: 3656 (code=exited, status=1/FAILURE)
Jul 17 12:21:54 omega.swabian.net SuSEfirewall2[3656]: using default zone 'ext' for interface eth1 Jul 17 12:21:56 omega.swabian.net SuSEfirewall2[4024]: Could not open socket to kernel: Address family not supported by protocol Jul 17 12:21:56 omega.swabian.net SuSEfirewall2[4027]: Could not open socket to kernel: Address family not supported by protocol Jul 17 12:21:56 omega.swabian.net SuSEfirewall2[4034]: Could not open socket to kernel: Address family not supported by protocol Jul 17 12:21:56 omega.swabian.net SuSEfirewall2[4037]: Could not open socket to kernel: Address family not supported by protocol Jul 17 12:21:56 omega.swabian.net SuSEfirewall2[3656]: failed to setup rpc service rules for portmapper Jul 17 12:21:56 omega.swabian.net SuSEfirewall2[4040]: <35>Jul 17 12:21:56 SuSEfirewall2[3656]: failed to setup rpc service rules for portmapper Jul 17 12:21:56 omega.swabian.net systemd[1]: SuSEfirewall2.service: Main process exited, code=exited, status=1/FAILURE Jul 17 12:21:56 omega.swabian.net systemd[1]: SuSEfirewall2.service: Failed with result 'exit-code'. Jul 17 12:21:56 omega.swabian.net systemd[1]: Failed to start SuSEfirewall2 phase 2.
will try again, after software update and a reboot.
working fine after disabling services and reboot. iptables looks clean now. but opens the question, why SuSEfirewall2 fails in the first place. a web search for "failed to setup rpc service rules for portmapper" returns zero results. As on this machine, I may want to enable it, it's a laptop, that I might use outside of my network.. hm Thank you all, Regards Paul