Yast firewall doesn't respect interface selected

[arvidjaar]

YaST Firewall module seems to ignore devices that are under NetworkManager control.

No, that was wrong. YaST firewall module shows only those interfaces that are known to wicked (i.e. have corresponding /etc/sysconfig/network/ifcfg-XXX file).

Now given that a) NetworkManager is default on new installation and b) wicked is deprecated this certainly can be considered a bug in YaST. And not the new one ...

https://bugzilla.opensuse.org/show_bug.cgi?id=899330

Code:

NAME                     UUID                                  TYPE      DEVICE 
ASUS                     02f549c2-4665-4736-9224-cde0ce8a9a8c  wifi      wlo1   
Po??czenie przewodowe 1  2b102c32-6675-379e-ae93-b03a4aeb130c  ethernet  --     
wlan0                    e9d63b0a-d900-3eb7-93ef-3f621fbbd4cc  wifi      --

When you are asked to post command output, always paste the full command invocation and subsequent prompt. Only this way can we be sure what command produced this output and that this output is complete.

Anyway - you have connection wlan0 which matches your "missing" interface name. Installer creates both wicked interface configuration and NetworkManger connection profile with the same settings as have been used during installation. As far as I can tell, for NetworkManager installer also restricts this connection profile to the specific interface name, which explains why "wlan0" connection did not work (because this interface name does not exist). Could you show

Code:

cat /etc/sysconfig/network/ifcfg-wlan0
nmcli connection show wlan0

So the only open question here is - why interface name in installer was different. I briefly tested it with current TW 20220603 using wired interface in QEMU, but I cannot reproduce it - resulting connection profile matches interface name.

So now I have three options:

You can also use native firewalld tools including firewall-config GUI. Nothing forces you to use YaST. Actually YaST firewalld module is relatively new, and initially it simply launched firewall-config directly.

It also seems to be the way recommended by wiki.

This "recommendation" was written by someone who was just as confused about firewalld as you are. Of course anyone is free to use any zone for any purpose, but established meaning of "public" zone is untrusted environment like public hotspot, so only absolutely necessary ports are opened. Personally I do not think kdeconnect falls into this category.

As NetworkManager sets firewalld zone per connection profile (not per interface) this allows you to define your home AP as trusted (e.g. "home" zone) and leave any other AP as default (normally "public"). Which is far better than statically adding specific wireless interface to a zone.

[MyNameIsArko]

Code:

cat /etc/sysconfig/network/ifcfg-wlan0

BOOTPROTO='dhcp'
STARTMODE='hotplug'
WIRELESS_ESSID='ASUS'
WIRELESS_AUTH_MODE='psk'
WIRELESS_MODE='managed'
WIRELESS_WPA_PSK='[hidden]'
WIRELESS_AP_SCANMODE='1'
WIRELESS_NWID=''
ZONE=home

nmcli connection show wlan0:
https://susepaste.org/38622192

So the only open question here is - why interface name in installer was different.

It's strange as every other linux distribution with NetworkManager I tried always set up my wifi device as wlan0. Only here NetworkManager set it as wlo1. Maybe it didn't use it as it seen wlan0 as taken by something else.
But that's most likely not true as in your tests it was read and used without any problem.

[arvidjaar]

nmcli connection show wlan0:
https://susepaste.org/38622192

As expected:

Code:

connection.interface-name:              wlan0