Mailinglist Archive: opensuse-factory (745 mails)

Re: [opensuse-factory] firewalld migration
Matthias Gerstner wrote:
On Thu, Jan 25, 2018 at 01:40:33PM +0100, Ludwig Nussel wrote:

Or just drop them and generate SuSEfirewall2 files based on the
firewalld ones if needed. I suppose the information for most
services can't be all that different. Just a collection of ports.
Differences need to be looked at and resolved anyways. Anyone
actively looking into that?

that could be possible. But I really wouldn't want to put more effort
than necessary in keeping SuSEfirewall2 working in the migration phase.
Experience with SuSEfirewall2 shows that some difficile corner case will
break as a result and bugs start pouring in ;-)

I'm not quite sure what you mean with "differences need to be looked at

I mean whether all ports specified in the SuSEfirewall2 configs are
correctly reflected in firewalld conflicts.

Just grep ARCHIVES.gz to see what service files exist in the distro,
compare that to what firewalld offers and then create the missing

Where do I find this ARCHIVES.gz?

I can check the missing ones. And if they're needed anymore at all.

What is the benefit of centralizing that?
Wouldn't the UI then display hundreds of entries rather than just
offering what is actually on the system?

Well this is what firewalld more or less already does by shipping 119
service definitions with the default install.

The benefit would be that global changes to service files can be made
in a single package. For example there was/is an issue that many service
files for SuSEfirewall2 wrongly stated "RPC=portmap" instead of
"RPC=portmapper". Fixing that requires a bunch of package updates that
nobody really wants to go for.

1. file bugs
2. create an rpmlint check that fails the package after some weeks
grace period
3. go ahead and fix the remaining packages yourself or file drop
requests for no longer maintained ones.

But that doesn't mean I'm strictly in favor of centralizing them.
I'm just opening it up for discussion. Both approaches have their pros
and cons. My hope is, as I initially said, that we won't need any
additional service files at all.

A matter of how much we care about usability to justify the effort I
guess. The centralized version is certainly cheaper to have.


(o_ Ludwig Nussel
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard,
Graham Norton, HRB 21284 (AG Nürnberg)
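
An added example, not part of the original mail or of any openSUSE package: a sketch of the comparison discussed in the thread. It checks whether the ports in a SuSEfirewall2 service file appear in the matching firewalld service definition and flags the RPC="portmap" value mentioned above. The sample files are constructed, the function names are hypothetical, and ports are assumed to be numeric (service names are not resolved).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from any real package.
SFW2_SAMPLE = '''## Name: Example NFS server
TCP="2049 6000:6010"
UDP="2049"
RPC="portmap mountd"
'''
FIREWALLD_SAMPLE = '''<service>
  <short>Example NFS</short>
  <port protocol="tcp" port="2049"/>
  <port protocol="tcp" port="6000-6010"/>
</service>
'''

def parse_sfw2(text):
    """Collect TCP/UDP/RPC values from KEY="a b c" lines."""
    out = {"TCP": set(), "UDP": set(), "RPC": set()}
    for m in re.finditer(r'^(TCP|UDP|RPC)="([^"]*)"', text, re.M):
        # SuSEfirewall2 writes ranges as a:b, firewalld as a-b; normalise.
        out[m.group(1)] |= {v.replace(":", "-") for v in m.group(2).split()}
    return out

def parse_firewalld(xml_text):
    """Collect <port protocol=... port=.../> entries per protocol."""
    ports = {"TCP": set(), "UDP": set()}
    for p in ET.fromstring(xml_text).iter("port"):
        ports.setdefault(p.get("protocol", "").upper(), set()).add(p.get("port"))
    return ports

def compare(sfw2_text, fwd_xml):
    """Return a list of findings; an empty list means the files agree."""
    old, new = parse_sfw2(sfw2_text), parse_firewalld(fwd_xml)
    findings = [f"{proto} {port} missing in firewalld service"
                for proto in ("TCP", "UDP")
                for port in sorted(old[proto] - new[proto])]
    if "portmap" in old["RPC"]:
        findings.append('RPC="portmap" should be "portmapper"')
    return findings

if __name__ == "__main__":
    for line in compare(SFW2_SAMPLE, FIREWALLD_SAMPLE):
        print(line)
```
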