Mailinglist Archive: opensuse-factory (745 mails)

< Previous Next >
Re: [opensuse-factory] communication regarding the move to firewalld
Andrei Borzenkov wrote:
31.01.2018 13:21, Peter Suetterlin пишет:

On quick look I couldn't find something similar for firewalld. Instead a
lot of
xml files :(( So I had a look at the conversion script,
susefirewall2-to-firewalld.

It suggested running it (dry-run), to see what happens. It claimed it would
only stop and restart SFW2. It did (of course) also stop fail2ban, but did
not
restart it afterwards...


I do not think it is something script does intentionally or that script
even knows about fail2ban service at all. fail2ban service is configured
to be PartOf SuSEfirewall2 service. So when script stopped SFW2 it
caused fail2ban to be also stopped. But PartOf only applies to stopping,
so starting SFW2 did not pull fail2ban.

You're of course right!
And I mostly wrote it to make other readers aware of that. Best solution (IMHO)
would be just to mention this also in the start-up info of the script, that
dependent services like f2b might need manual restart

Check what script does. May be it could use restart instead of
stop/start; restart should also restart all dependent units that are
PartOf unit being restarted.

Shame on me - I wasn't even aware of that difference :o
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >