Mailinglist Archive: opensuse-factory (745 mails)

< Previous Next >
Re: [opensuse-factory] firewalld migration
  • From: Nathan <futureboy@xxxxxxxxxxxx>
  • Date: Tue, 30 Jan 2018 20:00:43 -0500
  • Message-id: <2274249.bqyaYd9VsG@icarus>
I'm not sure if this should be reported as a bug, or if there is a fix in
place or if it is even necessary, but with all of my Tumbleweed upgrades, the
Firewalld module was added in Yast but the Firewalld service was not active/
enabled and the SuSEFirewall2 was still active/enabled. Not a big deal for a
user to make the fix, so long as they are informed. I added a Troubleshoot
section to the wiki concerning this issue.


Nathan Wolf

On Tuesday, 30 January 2018 16:31:15 EST Darin Perusich wrote:
On Tue, Jan 30, 2018 at 12:38 PM, Matthias Gerstner <mgerstner@xxxxxxx>

I mean whether all ports specified in the SuSEfirewall2 configs are
correctly reflected in firewalld configs

I can check the missing ones. And if they're needed anymore at all.

I did check all packages that ship service files. There are about 25
packages that don't have matching service definitions in the firewalld
installation. I will take care of opening bugs for them regarding the

An issue is that in SuSEfirewall2 we have some cases of "grouped"
service definitions like courier-imap which contains all of imap, imaps,
pop3 and pop3s. In firewalld there are no such groups, there are just
the individual imap, imaps, pop3 and pop3s services. The question is
whether we should continue having such groups or rather deal with the
individual service protocols. Any opinions on this?

On another matter: For SLE-15 it was decided to completely drop
SuSEfirewall2 so it won't be available as a legacy package or anything.
Should we take the same approach for Leap-15?

When we start removing SuSEfirewall2 service files from packages then
SuSEfirewall2 will stop functioning correctly on Tumbleweed and
ultimately on Leap-15. There would still be the possiblity to basically
support SuSEfirewall2 for a while before it is completely dropped.

I've been following this thread halfheartedly but seeing that
SuSEfirewall2 is being completely replaced by firewalld, are there
plans to implement "everything" that SuSEfirewall2 did under the hood,
with firewalld or other mechanisms? I liked how SF2 created the LOG
rules for each services enabled and would hate to see it go away. How
about the more obscure things like loading kernel modules when
FW_KERNEL_SECURITY or FW_LOAD_MODULES are set. What about "yast
firewall", will this be ported? I'm sure there are more, but these are
the few that come to mind.


To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups