I did a fresh install of Tumbleweed a couple of days ago. Previously, in YAST in the Firewall section, there was an option to merely turn the firewall off. In this new install, I cannot find that option. The firewall is blocking my network printer, scanner and other services, which is truly annoying. I have no idea how to go through and enable all the services necessary to get everything to work with the firewall and wish to just turn it off. Could someone help me figure out how to disable the firewall completely?
There currently is no YaST Firewall module, it just starts firewalld’s config tool.
No idea if that allows to turn off the firewall, never used it myself.
You can stop the firewall with “systemctl stop firewalld.service” or completely disable it with “systemctl disable firewalld.service”.
Or use YaST->System->Services Manager.
When I started the new Firewalld module after the snapshot update, it didn’t automatically start / enable firewalld so the module was just spinning waiting to connect.
Also, the upgrade left the Susefirewall2 active / enabled so perhaps a note about disabling that would be good as well.
I would not be opposed to that, but I won’t do it myself as I don’t use Tumbleweed and never used firewalld either…
When I started the new Firewalld module after the snapshot update, it didn’t automatically start / enable firewalld so the module was just spinning waiting to connect.
Also, the upgrade left the Susefirewall2 active / enabled so perhaps a note about disabling that would be good as well.
Thoughts?
Somebody should probably file a bug report about that.
But I suppose the “migration” is just still work in progress… Or SuSEfirewall2 is left installed/running on purpose to not disrupt people’s systems/firewalls when updating.
And probably firewalld is started fine on a fresh installation, and SuSEfirewall2 not installed at all. Haven’t tried that yet though.
I will go ahead and add the information as well as file a bug report. You are probably correct that it was left in place as to not disrupt people’s systems when upgrading. I had to set the rules as nothing carried over. No problem though. I know what I’ve gotten into with Tumbleweed.
Just wondering if anyone knows whether there is any current effort to modify YaST to support firewalld.
Assuming at the moment that the time and effort to do this should be next to trivial.
Although I don’t have the time at the moment (have to finish current projects), I assume the current YaST Firewall module must be on github (or OBS)… So assuming current code is “well written” it shouldn’t be difficult to insert the necessary code to detect a TW install and issue firewalld directives (At the moment I assume you can’t simply test for existence of firewalld since it seems that both SuSEfirewall2 and firewalld are both installed although only one is enabled).
In any case, installed a new TW before posting and I see that YaST installs the firewalld GUI configurator “firewall-config” and now forwards the YasT firewall module link to firewall-config instead. Should be sufficient until someone might want to go back to SuSEfirewall2… I assume that all that would be required should be to remove the re-direction however it’s done…
It currently just runs firewall-config (which is a tool shipped with firewalld, uses GTK I think), but that doesn’t work in text mode.
As mentioned, you can also use firewall-cmd to configure it though.
And the old module (i.e. the code) would need to be added back I suppose…
From the yast2-firewall package changelog:
Thu Oct 26 11:34:59 UTC 2017 - knut.anderssen@suse.com
- Remove support for SuSEFirewall2 in firewall client supporting
only firewalld (fate#323460)
- 4.0.0