On 02/22/2019 05:55 AM, James Knott wrote:
On 02/21/2019 08:44 PM, Lew Wolfgang wrote:
Hi Folks,
I've finally started to move 42.3 systems to Leap 15 and have run into some issues with firewalld. The basic install works okay on this dual-stack v4/v6 network, but when I try to configure two interfaces (exterior/interior) I lose my v6 address assignment. Stopping the firewall allows dhcpv6 to work, starting the firewall breaks it again. I've explicitly tried to enable the dhcpv6 service, and to enable logging for troubleshooting, all to no avail. The GUI interface is confusing at best, and I've got direct experience with ipchains and iptables, so I didn't just fall off of the turnip truck.
Does anyone have experience with Shorewall as a replacement for firewalld? I'm tempted to try it before I get too far into the weeds with firewalld. Any suggestions? I used to use SuSEFirewall2, including with IPv6, back when I used a 6in4 tunnel to get IPv6. However, when my ISP provided IPv6, with DHCPv6-PD, I had to switch to another firewall that supported it. I went with pfSense, which works very well. It can be run in either a stand alone computer or in a virtual machine.
Yes, we've been using SuSEFirewall2 in this dual-stacked environment without any issues, and firewalld worked okay until I tried to configure a box with two interfaces. I've also heard good things about pfSense, but we're really interested in maintaining host-based firewalls, in addition to the external ones maintained by management. Shorewall seemed attractive since it's supported and easily installed via zypper. It can serve as a host-based firewall and router, right? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org