Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: text yast firewall config

  1. #1

    Default text yast firewall config

    I was holding off on deploying a few servers until 15.0 came out. I was going through my first 15.0 install (server mode / ssh) and got to the firewall configuration and received the message telling me yast has no firewall module and to please use firewall-config or firewall-cmd. zypper shows yast2-firewall is installed but SuSEfirewall2 is not. Before I tried to force the issue I figured I would ask if there's been a change to how network / firewalls should be administered in this version.

    If I read the documentation correctly 1.4.3.7 says this should work:
    https://doc.opensuse.org/documentati...e_color_en.pdf

    Since the transition from ifconfig to ip address I'm not assuming anything anymore.

    Any pointers in the right direction appreciated. Thank you.

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: text yast firewall config

    Checked just now.
    Although the graphical "yast2 firewall" forwards to firewall-config to configure firewalld,
    There is no similar forwarding in text mode (at least as of today).
    You will need to invoke "firewall-cmd" directly.

    You can read the firewall-cmd MAN pages or view the help... which is very, very long...
    Code:
    firewall-cmd --help
    If you feel more comfortable with the graphical ncurses text interface for SuSEFW2 and it supports what you want to do, I'm not aware that there should be any problem using it... After all, these or any other firewall management tool is just managing IP tables under the surface and AFAIK nothing SuSEFW2 configures is obviously faulty.

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,700
    Blog Entries
    1

    Default Re: text yast firewall config

    Quote Originally Posted by wbrb View Post
    I was holding off on deploying a few servers until 15.0 came out. I was going through my first 15.0 install (server mode / ssh) and got to the firewall configuration and received the message telling me yast has no firewall module and to please use firewall-config or firewall-cmd. zypper shows yast2-firewall is installed but SuSEfirewall2 is not. Before I tried to force the issue I figured I would ask if there's been a change to how network / firewalls should be administered in this version.
    Yes, there's been a move to using firewalld as SuSEfirewall2 has been deprecated. However, it's still available if desired.
    https://en.opensuse.org/Firewalld

    Code:
    systemctl enable firewalld
    Code:
    systemctl start firewalld
    then either use the graphical UI (firewall-config) via YaST, or the CLI tool 'firewall-cmd'.

    A graphical guide...
    http://www.firewalld.org/documentati...ll-config.html

    The man pages
    Code:
    man firewalld
    Code:
    man firewall-config
    Code:
    man firewall-cmd

  4. #4

    Default Re: text yast firewall config

    Thank you, your reply came right as I was completing a 15.0 install in my home lab. That is a pretty hefty man-page however a quick search for firewall-cmd tutorials got me zones and ssh setup in < 10 minutes so it's not so bad. I hope text yast2 firewall returns soon.

    For anybody else
    Code:
    firewall-cmd --get-active-zones
    firewall-cmd --zone=public --add-port=22/tcp --permanent
    and then a reload got me what I needed.

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,700
    Blog Entries
    1

    Default Re: text yast firewall config

    Quote Originally Posted by wbrb View Post
    I hope text yast2 firewall returns soon.
    I doubt that we'll see a YaST-specific GUI. In any case the graphical 'firewall-config' utility fulfils this purpose for those that prefer such tools.

  6. #6

    Default Re: text yast firewall config

    Quote Originally Posted by deano_ferrari View Post
    I doubt that we'll see a YaST-specific GUI. In any case the graphical 'firewall-config' utility fulfils this purpose for those that prefer such tools.
    This would be a pity. Text yast config and autoyast are THE reason I've pushed OpenSuSE as the standard in our enterprise. It's the only way I've ever seen 2+ different admins ssh into a server and arrive at the same config without copy/pasting which does wonders for standardization. I do hope firewalld gets at least a basic text interface.

    Is there a guide someplace for text yast plugin dev?

  7. #7
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,700
    Blog Entries
    1

    Default Re: text yast firewall config

    Quote Originally Posted by wbrb View Post
    Is there a guide someplace for text yast plugin dev?
    Here you go...
    http://yast.opensuse.org/documentation
    http://yast.opensuse.org/modules

  8. #8
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: text yast firewall config

    Quote Originally Posted by deano_ferrari View Post
    As of today,
    No matter what the documentation says,
    yast (not the graphical yast2) firewall does not forward to anything that works, the result is an error.

    And,
    IMO firewall-cmd is pretty intimidating the first time it's launched compared to SuSEFW2 in ncurses mode. SuSEFW2 may be simplistic but that was part of its usability to support most common needs. It wouldn't win many awards for supporting complexity, but it was easy to use. The initial bar for usability has been raised considerably with firewall-cmd.

    That said, I can appreciate features firewalld has that don't exist in SuSEFW2.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,700
    Blog Entries
    1

    Default Re: text yast firewall config

    Quote Originally Posted by tsu2 View Post
    As of today,
    No matter what the documentation says,
    yast (not the graphical yast2) firewall does not forward to anything that works, the result is an error.
    That's why the OP was asking about yast development...
    Is there a guide someplace for text yast plugin dev?
    openSUSE Leap 15.3; KDE Plasma 5

  10. #10
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,700
    Blog Entries
    1

    Default Re: text yast firewall config

    FWIW, Red Hat (and Fedora) have the system-config-firewall-tui (ncurses utility) for firewalld configuration. It would probably represent the easiest way to provide such an interface....

    https://www.techrepublic.com/article...-ncurses-tool/
    Last edited by deano_ferrari; 27-May-2018 at 21:17.
    openSUSE Leap 15.3; KDE Plasma 5

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •