Yast-Firewall - shouldn't it restart firewall when changes are made?
All,

I rarely mess with the firewall in Yast, so this may be expected behavior. I made changes to allow remote LAN connections to a postgresql database. The connections failed claiming port 5432 wasn't open on my laptop.

I used Yast firewall to put the wireless connection on "home", set it as default and added postgresql to the allowed services and clicked "Accept". The remote connections continued to fail, so I used netstat to check whether the port was open with:

$ sudo netstat -tulpn | grep LISTEN

Neither postgresql nor port 5432 was shown. This seemed bizarre. So I manually restarted firewalld (e.g. sudo systemctl restart firewalld) and bingo, the port was open.

Isn't Yast-Firewall supposed to restart firewalld after changes are made?

--
David C. Rankin, J.D.,P.E.
Hello,

In the Message;

Subject : Yast-Firewall - shouldn't it restart firewall when changes are made?
Message-ID : <a3c9310a-3203-4bd8-a295-6bb5b5a48a8e@gmail.com>
Date & Time: Sun, 14 Jul 2024 18:07:33 -0500

[DCR] == "David C. Rankin" <drankinatty@gmail.com> has written:

[...]
DCR> I used Yast firewall to put the wireless connection on "home", set it as
DCR> default and added postgresql to the allowed services and clicked
DCR> "Accept". The remote connections continued to fail, so I used
DCR> netstat to check whether the port was open with:

DCR> $ sudo netstat -tulpn | grep LISTEN

DCR> Neither postgresql nor port 5432 was shown. This seemed
DCR> bizarre. So I manually restarted firewalld (e.g. sudo systemctl
DCR> restart firewalld) and bingo, the port was open.

DCR> Isn't Yast-Firewall supposed to restart firewalld after
DCR> changes are made?

It's a hassle, though.

On YaST2, System --> Service Manager --> restart Firewalld service.

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛ "Microsoft is overhauling its cybersecurity strategy, called the Secure Future Initiative, to incorporate key security features into its core set of technology platforms and cloud services."
-- Microsoft overhauls cyber strategy to finally embrace security by default --
On 2024-07-14 17:07, David C. Rankin wrote:
> All,
>
> I rarely mess with the firewall in Yast, so this may be expected behavior. I made changes to allow remote LAN connections to a postgresql database. The connections failed claiming port 5432 wasn't open on my laptop.
>
> I used Yast firewall to put the wireless connection on "home", set it as default and added postgresql to the allowed services and clicked "Accept". The remote connections continued to fail, so I used netstat to check whether the port was open with:
>
> $ sudo netstat -tulpn | grep LISTEN
>
> Neither postgresql nor port 5432 was shown. This seemed bizarre. So I manually restarted firewalld (e.g. sudo systemctl restart firewalld) and bingo, the port was open.
>
> Isn't Yast-Firewall supposed to restart firewalld after changes are made?
I wasn't aware that Yast-Firewall had anything to do with firewalld. To configure firewalld, go to the Application Launcher/Settings and start the Firewall utility. You will need the root password. Any changes you make must be made to the runtime settings; be sure at the end to write the runtime into the permanent settings: Options/Runtime to Permanent. Changes you do make are made to the running configuration, so I don't think it should be necessary to restart the firewalld system service.
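The runtime/permanent split discussed in this thread can be checked directly. The script below is an added example, not part of any message in the thread: the helper names `only_in_first` and `drift_report` and the sample service lists are constructed for illustration, while the `firewall-cmd` options used are firewalld's own.

```shell
#!/bin/sh
# Added example: report drift between firewalld's permanent (saved) and
# runtime (active) configuration for one zone.

# only_in_first LIST_A LIST_B: print entries of LIST_A missing from LIST_B.
only_in_first() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # present in both lists
            *) printf '%s\n' "$item" ;;     # only in the first list
        esac
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# drift_report ZONE PERMANENT_LIST RUNTIME_LIST
# Returns 0 when both configurations agree, 1 when they differ.
drift_report() {
    pending=$(only_in_first "$2" "$3")
    volatile=$(only_in_first "$3" "$2")
    [ -n "$pending" ] && echo "zone $1: saved but not active until reload: $pending"
    [ -n "$volatile" ] && echo "zone $1: active but lost on reload: $volatile"
    [ -z "$pending$volatile" ]
}

# Constructed sample: a service and port written to the permanent
# configuration while the running firewall was never reloaded.
drift_report home "ssh dhcpv6-client postgresql 5432/tcp" "ssh dhcpv6-client" || true

# Live check against the default zone (run as root): sh drift.sh --live
if [ "${1:-}" = "--live" ] && command -v firewall-cmd >/dev/null 2>&1; then
    zone=$(firewall-cmd --get-default-zone)
    perm="$(firewall-cmd --permanent --zone="$zone" --list-services) \
$(firewall-cmd --permanent --zone="$zone" --list-ports)"
    run="$(firewall-cmd --zone="$zone" --list-services) \
$(firewall-cmd --zone="$zone" --list-ports)"
    drift_report "$zone" "$perm" "$run" || true
fi
```

`firewall-cmd --reload` loads the permanent configuration into the running firewall without restarting the service, and `firewall-cmd --runtime-to-permanent` saves the running configuration, which is the command-line counterpart of the "Runtime to Permanent" menu entry mentioned above.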
On 2024-07-15 02:52, Darryl Gregorash wrote:
> On 2024-07-14 17:07, David C. Rankin wrote:
>> All,
>>
>> I rarely mess with the firewall in Yast, so this may be expected behavior. I made changes to allow remote LAN connections to a postgresql database. The connections failed claiming port 5432 wasn't open on my laptop.
>>
>> I used Yast firewall to put the wireless connection on "home", set it as default and added postgresql to the allowed services and clicked "Accept". The remote connections continued to fail, so I used netstat to check whether the port was open with:
>>
>> $ sudo netstat -tulpn | grep LISTEN
>>
>> Neither postgresql nor port 5432 was shown. This seemed bizarre. So I manually restarted firewalld (e.g. sudo systemctl restart firewalld) and bingo, the port was open.
>>
>> Isn't Yast-Firewall supposed to restart firewalld after changes are made?
>
> I wasn't aware that Yast-Firewall had anything to do with firewalld.
YaST firewall is supposed to handle whatever firewall openSUSE runs, either firewalld or SuSEfirewall2. As the latter is gone, it means YaST firewall module has to handle firewalld, or be removed from the distribution.

Thus, it is a bug in YaST.

--
Cheers / Saludos,
Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 2024-07-14 19:25, Carlos E. R. wrote:
> On 2024-07-15 02:52, Darryl Gregorash wrote:
>> On 2024-07-14 17:07, David C. Rankin wrote:
>>> All,
>>>
>>> I rarely mess with the firewall in Yast, so this may be expected behavior. I made changes to allow remote LAN connections to a postgresql database. The connections failed claiming port 5432 wasn't open on my laptop.
>>>
>>> I used Yast firewall to put the wireless connection on "home", set it as default and added postgresql to the allowed services and clicked "Accept". The remote connections continued to fail, so I used netstat to check whether the port was open with:
>>>
>>> $ sudo netstat -tulpn | grep LISTEN
>>>
>>> Neither postgresql nor port 5432 was shown. This seemed bizarre. So I manually restarted firewalld (e.g. sudo systemctl restart firewalld) and bingo, the port was open.
>>>
>>> Isn't Yast-Firewall supposed to restart firewalld after changes are made?
>>
>> I wasn't aware that Yast-Firewall had anything to do with firewalld.
>
> YaST firewall is supposed to handle whatever firewall openSUSE runs, either firewalld or SuSEfirewall2. As the latter is gone, it means YaST firewall module has to handle firewalld, or be removed from the distribution.
>
> Thus, it is a bug in YaST.
Take a good look at firewalld. Yast-Firewall doesn't know about sets of things to which a rule applies, so it doesn't even adequately configure firewalld.
On 7/14/24 8:53 PM, Darryl Gregorash wrote:
>> YaST firewall is supposed to handle whatever firewall openSUSE runs, either firewalld or SuSEfirewall2. As the latter is gone, it means YaST firewall module has to handle firewalld, or be removed from the distribution.
>>
>> Thus, it is a bug in YaST.
>
> Take a good look at firewalld. Yast-Firewall doesn't know about sets of things to which a rule applies, so it doesn't even adequately configure firewalld.
Well, whatever it is doing, it is getting the basic commands right. When I changed wlo1 to "home" and added "postgresql" and also manually opened port 5432 in the Yast-Firewall app, after restarting firewalld, those config options were reflected in the ports that were opened and the change of the default set to "home" was reflected in:

# firewall-cmd --get-default-zone

and

# firewall-cmd --info-zone=home

So somewhere Yast and firewalld are talking to each other through the Yast-Firewall app.

(and yep, I always create a traditional root account with password during the install - it's windows otherwise...)

--
David C. Rankin, J.D.,P.E.
On 15.07.2024 02:07, David C. Rankin wrote:
> All,
>
> I rarely mess with the firewall in Yast, so this may be expected behavior. I made changes to allow remote LAN connections to a postgresql database. The connections failed claiming port 5432 wasn't open on my laptop.
>
> I used Yast firewall to put the wireless connection on "home", set it as default and added postgresql to the allowed services and clicked "Accept". The remote connections continued to fail, so I used netstat to check whether the port was open with:
>
> $ sudo netstat -tulpn | grep LISTEN
>
> Neither postgresql nor port 5432 was shown. This seemed bizarre. So I manually restarted firewalld (e.g. sudo systemctl restart firewalld) and bingo, the port was open.
>
> Isn't Yast-Firewall supposed to restart firewalld after changes are made?
Briefly looking at the source - it is.
participants (5)
- Andrei Borzenkov
- Carlos E. R.
- Darryl Gregorash
- David C. Rankin
- Masaru Nomiya