On 2023-04-30 21:06, Per Jessen wrote:
Per Jessen wrote:
Carlos was right, it is ancient news - the script is dated 2016. I guess it is well off-topic too, but at least it is SUSE related :-)
I suspect that there are quite a bunch of people out there that never did the change from SuSEfirewall2 to firewalld, as there was no need. The former was to be included (and "supported") in the entire 15.x series, so there was no hurry to migrate.
I needed a bit of a distraction, I've been working on a website, so after dinner I installed the migration script on my tw64 test box, along with firewalld. If need be, I can wipe the whole slate clean.
After starting firewalld (with an empty config I presume), I tried the first run of susefirewall2-to-firewalld.
Hum. The starting point is with SuSEfirewall enabled and running, not firewalld.
It took 5m49s - seemed to spend much of it with a whole slew of icmps.
My first attempt to run with commit died after 3minutes -
DEBUG: Executing: firewall-cmd --zone=external --add-service=h323hostcall Error: INVALID_SERVICE: h323hostcall FIREWALLD ERROR: Command 'firewall-cmd ' failed
Next, after removing references to 'h323hostcall', it failed again:
DEBUG: Executing: firewall-cmd --zone=external --add-rich-rule=rule family=ipv4 source address=192.168.1.0/24 port port=nfs protocol=_rpc_ accept Error: INVALID_PROTOCOL: _rpc_ FIREWALLD ERROR: Command 'firewall-cmd ' failed
I guess you left out some bits of your config ? I'll check back tomorrow, going to go and watch telly.
No, those are "native" parts on SuSEfirewall2 system. I have these: cer@Telcontar:~> rpm -qa | grep -i firewall firewall-macros-0.9.3-150400.8.9.1.noarch susefirewall2-to-firewalld-0.0.4-3.9.1.noarch firewalld-lang-0.9.3-150400.8.9.1.noarch firewall-config-0.9.3-150400.8.9.1.noarch yast2-firewall-4.4.3-150400.1.8.noarch firewalld-0.9.3-150400.8.9.1.noarch SuSEfirewall2-3.6.378-1.33.noarch python3-firewall-0.9.3-150400.8.9.1.noarch cer@Telcontar:~> I suspect you miss the macros. I did forget to include the custom script, though. Wait, looking again, I see you are doing the test on TW. That will not work, it needs Leap. Parts of sfw2 were removed because they were not needed, precisely the parts that do clever things like supporting NFS4 (firewalld was said it would work with nfs4). -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)