Mailinglist Archive: opensuse-factory (745 mails)

< Previous Next >
Re: [opensuse-factory] firewalld migration (was: Tumbleweed - Review of the week 2018/03)

On Mon, Jan 22, 2018 at 12:34:35PM +0200, Robert Munteanu wrote:
Is there a plan or some guidance for packages that drop files in
/etc/sysconfig/SuSEfirewall2.d/services/ ?

$ ls -1 /etc/sysconfig/SuSEfirewall2.d/services/ | grep -v TEMPLATE | wc -l

With firewalld these files are no longer needed. Firewalld ships builtin
service definitions which can be listed via

$ firwall-cmd --get-services

You can get the definition of a single service like this

$ firewall-cmd --info-service=samba-client

These service names can then be used for opening them in a certain zone:

$ firewall-cmd --add-service=samba-client --zone=internal [--permanent]

You can also find the XML definitions of the services in

I think the SuSEfirewall2 service files should stay around until the
migration to the new default firewall is complete. We can get rid of
these files only after SuSEfirewall2 has been completely removed from
openSUSE. It's unconvenient that these files are spread across many
different packages so it will probably take a while until they're all
cleaned up.

If anybody thinks that a service definition is missing in firewalld then
please tell me so we can see what to do about it. The correct way in
such cases would probably be to contribute suitable files to firewalld
upstream. New firewalld services can also be added dynamically during
runtime. Here is some upstream documentation on adding services:

So there's /etc/firewalld/services for custom services but dropping
service files into /usr/lib/firewalld/services seems also to be

Should many additional service files be needed (what I don't hope) then
we could also think about introducing a separate package that holds all
those custom service files. This would make maintaining them easier from
the firewall perspective. But adds some burden to packagers that need
changes to them.



Matthias Gerstner <matthias.gerstner@xxxxxxx>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
Telefon: +49 911 740 53 290
GPG Key ID: 0x14C405C971923553

SUSE Linux GmbH
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)
< Previous Next >