On 2018-08-07 21:33, Dave Howorth wrote:
On Tue, 7 Aug 2018 18:56:53 +0200 "Carlos E. R."
wrote: On 2018-08-07 15:11, Dave Howorth wrote:
On Tue, 7 Aug 2018 14:45:23 +0200 (CEST) "Carlos E. R." <> wrote:
My guess is that you upgraded to Leap 15.0 from some previous version, or perhaps tumbleweed, and you are running the old firewall which has not been migrated by *you* to the new firewall.
Sorry, I'm on Leap 15.0 and it was upgraded by zypper from Leap 42.3
Looking at YaST software listings, apparently I have both SuSEfirewall2 and firewalld installed, along with firewall-config, firewall-macros, firewalld-lang, python3-firewall, xfwp & yast2-firewall.
Nothing told me to migrate a firewall. I don't want a firewall. Is it safe to just remove all these packages?
Well, it is up to you to decide to have a firewall or not. I always have one on every machine I control.
Thanks Carlos, and thanks to Darryl too. I stopped the services (YaST balked and I had to do it twice) and now I can access TV remotely as I wished.
I gave you the exact commands to do it (stop service) without YaST.
I know the arguments for having a firewall, but I've been caught too often by situations like I've just had that have wasted days of my time.
If you really do not want a firewall, just:
systemctl status firewalld.service systemctl stop firewalld.service systemctl disable firewalld.service
systemctl status SuSEfirewall2.service systemctl stop SuSEfirewall2.service systemctl disable SuSEfirewall2.service
and then remove SuSEfirewall2 packages.
You get both because you may want to migrate your settings from the previous firewall in 42.3 to the new one in 15.0. There is a tool that automates that migration, I forgot the name and it is not documented in the release notes.
Ah. Google finds it: "susefirewall2-to-firewalld"
I read the README as they suggested but am now confused. It says it is a simple script but it talks about 'start/stop/restart firewalld and SuSEfirewall2 services'. That doesn't sound simple to me. Does that mean even if I have both firewalls shut down, it is going to start them? I'd have thought a simple script would migrate a configuration by editing some configuration scripts? I'd be happy to do that, against the event that I might find some reason to use firewalld in the future.
The point is, IF you want to migrate from the old settings to the new, then you need both while you do the migration, then delete the old. IF you do not care about the old, then just delete the old. Finally, after those two decisions you do not want any firewall, then you _stop_ and then _disable_ the new, but not remove in case there are dependencies.
OTOH, if I just start firewalld as a new installation, I would hope there's a graphical first-time-run program to guide me through setting it up?
Yes. But it does not run automatically, you have to call it. I think it is is in YaST although it is not a YaST module. I'm not sure it is a first-time-run program, either.
In which case, there wouldn't be much point in preserving a configuration I already know has some problem.
If you know it has problems, don't migrate it.
If you are sure you do not want to migrate settings, then just delete SuSEfirewall2 packages, then enable and start firewalld.service, then open the needed ports.
But if I don't want a firewall, why not just delete it?
Because it might be needed by dependencies.
PS I opened a bug about text selection from YaST https://bugzilla.opensuse.org/show_bug.cgi?id=1104069
Ok :-) -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)