Mailinglist Archive: opensuse-factory (269 mails)

Re: [opensuse-factory] Package firewalld should not yet replace SuSEfirewall2
On Thu, 2019-09-05 at 10:23 +0200, Bjoern Voigt wrote:
> Martin Wilck wrote:
>> What bothers me more is that one of the advertized advantages of
>> firewalld, playing nicely with libvirt's virtual networking, doesn't
>> work for me on openSUSE. I keep typing firewall-cmd commands to fix
>> packet flow between virtual and real networks. I'm probably just
>> missing something...
> Could you please give us some examples of your FirewallD commands for
> LibvirtD guests? How did you integrate these FirewallD commands?

Very simple, I have an "internal" zone which basically allows all
traffic, and I do something like

firewall-cmd --zone=internal --change-interface=virbr0

However, my expectation was that this wouldn't be necessary.

https://libvirt.org/firewall.html suggests that it basically should
just automagically work out of the box with a special zone called
"libvirt", but for that we'd need firewalld 0.7.0 or newer.

Which begs the question why TW is still at firewalld 0.6.3, 3 releases
behind upstream. Even the devel project is still at 0.6.4.

Martin


> Until now, FirewallD works acceptably on my Desktop, but I have trouble
> with LibvirtD KVM guests, OpenVPN networks, Docker and LXC.
>
> And I have trouble with my DLNA client which accesses my MythTV server.
> (Also with SuSEfirewall2 I had to write custom script rules for DLNA
> access.)
>
> Currently I locked SuSEfirewall2 so that the package management could
> not remove the package.
>
> Greetings,
> Björn
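
The check discussed in the mail above, as an added example that is not part of the original thread: a shell audit that reports whether the libvirt bridge still depends on a manually assigned zone such as the allow-all "internal" one. The function names and verdict words are assumptions made for illustration; the 0.7.0 threshold and the "libvirt" zone name come from the mail, and `sort -V` requires GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdict words are hypothetical.

MIN_LIBVIRT_ZONE_VERSION="0.7.0"   # threshold named in the mail

# version_ge A B: succeed when dotted version A >= B.
# sort -V compares numerically per component, so 0.10.1 ranks above 0.7.0.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# classify VERSION ZONES BRIDGE_ZONE: print one verdict word.
#   too-old       firewalld predates the libvirt zone
#   zone-missing  version is new enough but no "libvirt" zone is defined
#   manual-zone   bridge is bound to some other zone (e.g. "internal")
#   ok            bridge is bound to the "libvirt" zone
classify() {
    version=$1 zones=$2 bridge_zone=$3
    if ! version_ge "$version" "$MIN_LIBVIRT_ZONE_VERSION"; then
        echo "too-old"; return
    fi
    case " $zones " in
        *" libvirt "*) ;;
        *) echo "zone-missing"; return ;;
    esac
    if [ "$bridge_zone" = "libvirt" ]; then
        echo "ok"
    else
        echo "manual-zone"
    fi
}

# audit_bridge [IFACE]: query the local firewalld and report on the bridge.
audit_bridge() {
    bridge=${1:-virbr0}
    version=$(firewall-cmd --version) || return 1
    zones=$(firewall-cmd --get-zones) || return 1
    # Exits non-zero when the interface is bound to no zone at all.
    bridge_zone=$(firewall-cmd --get-zone-of-interface="$bridge" 2>/dev/null) || bridge_zone=
    verdict=$(classify "$version" "$zones" "$bridge_zone")
    echo "$bridge: firewalld $version, zone '${bridge_zone:-none}': $verdict"
}

# Run against the live system only when asked: sh script.sh audit [IFACE]
if [ "${1:-}" = "audit" ]; then
    audit_bridge "${2:-virbr0}"
fi
```

A "manual-zone" verdict on a host whose firewalld is new enough means the bridge is still filtered by whatever the hand-picked zone allows, which for an allow-all zone is broader than the virtual network needs.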

