Cannot Turn Off Firewall In YAST Firewall Section

English Network/Internet
1

I did a fresh install of Tumbleweed a couple of days ago. Previously, in YAST in the Firewall section, there was an option to merely turn the firewall off. In this new install, I cannot find that option. The firewall is blocking my network printer, scanner and other services, which is truly annoying. I have no idea how to go through and enable all the services necessary to get everything to work with the firewall and wish to just turn it off. Could someone help me figure out how to disable the firewall completely?

Thanks!

2

Which firewall is installed? SUSEfirewall2 or firewalld or even both?

3

S | Name | Type | Version | Arch | Repository
—±-----------------±------------±------------±-------±-----------------------
i | Firewall | application | | noarch | openSUSE-Tumbleweed-Oss
i+ | firewall-config | package | 0.4.4.6-4.2 | noarch | openSUSE-Tumbleweed-Oss
i | firewalld | package | 0.4.4.6-4.2 | noarch | openSUSE-Tumbleweed-Oss
i | firewalld-lang | package | 0.4.4.6-4.2 | noarch | openSUSE-Tumbleweed-Oss
i | python3-firewall | package | 0.4.4.6-4.2 | noarch | openSUSE-Tumbleweed-Oss
i | yast2-firewall | package | 4.0.8-1.2 | noarch | openSUSE-Tumbleweed-Oss

zenarcher@linux-i7uy:~> systemctl status SuSEfirewall2
Unit SuSEfirewall2.service could not be found.

firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: di
Active: active (running) since Thu 2018-01-25 08:12:32 CST; 5h 43min ago
Docs: man:firewalld(1)
Main PID: 805 (firewalld)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/firewalld.service
└─805 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid
It appears to me that it’s firewalld only.

4

https://forums.opensuse.org/showthread.php/529287-Update-after-kernel-14-11-1-killed-firewall-in-YaST?p=2852614&posted=1#post2852614

…check in YaST Servie Manager, which firewall is running. Turn off susefirewall2 and turn on firewalld and you can configure it via YaST. Although:

https://forums.opensuse.org/showthread.php/529169-yast2-firewall-launches-firewalld-GUI-since-most-recent-dup

Sorry, I was late. Your problem is not mentioned in any of these threads…

5

You should be able to start/stop the firewalld service via YAST service manager anytime you want to.

6

There currently is no YaST Firewall module, it just starts firewalld’s config tool.
No idea if that allows to turn off the firewall, never used it myself.

You can stop the firewall with “systemctl stop firewalld.service” or completely disable it with “systemctl disable firewalld.service”.
Or use YaST->System->Services Manager.

7

Thank you, everyone. I now have the firewall shut off.

8

Would any moderators / much smarter than me people be opposed to adding information on the openSUSE wiki about Troubleshooting the firewalld?

https://en.opensuse.org/Firewalld

When I started the new Firewalld module after the snapshot update, it didn’t automatically start / enable firewalld so the module was just spinning waiting to connect.

Also, the upgrade left the Susefirewall2 active / enabled so perhaps a note about disabling that would be good as well.

Thoughts?

-Nathan

9

I would not be opposed to that, but I won’t do it myself as I don’t use Tumbleweed and never used firewalld either… :wink:

When I started the new Firewalld module after the snapshot update, it didn’t automatically start / enable firewalld so the module was just spinning waiting to connect.

Also, the upgrade left the Susefirewall2 active / enabled so perhaps a note about disabling that would be good as well.

Thoughts?

Somebody should probably file a bug report about that.
But I suppose the “migration” is just still work in progress… Or SuSEfirewall2 is left installed/running on purpose to not disrupt people’s systems/firewalls when updating.
And probably firewalld is started fine on a fresh installation, and SuSEfirewall2 not installed at all. Haven’t tried that yet though.

10

I will go ahead and add the information as well as file a bug report. You are probably correct that it was left in place as to not disrupt people’s systems when upgrading. I had to set the rules as nothing carried over. No problem though. I know what I’ve gotten into with Tumbleweed. :slight_smile:

11

Check the firewall-cmd man pages. No RTFM intended,


# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry docker-swarm dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls managesieve mdns minidlna mosh mountd ms-wbt mssql murmur mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server

And next f.e.


# firewall-cmd --permanent --add-service=http
success
12

I added the Troubleshooting section, adding what I had to do to fix my Firewalld problem in wiki:

https://en.opensuse.org/Firewalld

I am sure that there may be a better way of wording it or a quicker CLI method but I don’t know those details.

13

Just wondering if anyone knows whether there is any current effort to modify YaST to support firewalld.

Assuming at the moment that the time and effort to do this should be next to trivial.
Although I don’t have the time at the moment (have to finish current projects), I assume the current YaST Firewall module must be on github (or OBS)… So assuming current code is “well written” it shouldn’t be difficult to insert the necessary code to detect a TW install and issue firewalld directives (At the moment I assume you can’t simply test for existence of firewalld since it seems that both SuSEfirewall2 and firewalld are both installed although only one is enabled).

TSU

14

…ehm, but Yast supports firewalld already. Did you try?

15

Didn’t, but was commenting based on posts.

In any case, installed a new TW before posting and I see that YaST installs the firewalld GUI configurator “firewall-config” and now forwards the YasT firewall module link to firewall-config instead. Should be sufficient until someone might want to go back to SuSEfirewall2… I assume that all that would be required should be to remove the re-direction however it’s done…

TSU

16

Not really.

It currently just runs firewall-config (which is a tool shipped with firewalld, uses GTK I think), but that doesn’t work in text mode.
As mentioned, you can also use firewall-cmd to configure it though.

17

And the old module (i.e. the code) would need to be added back I suppose… :wink:

From the yast2-firewall package changelog:

Thu Oct 26 11:34:59 UTC 2017 - knut.anderssen@suse.com
 
- Remove support for SuSEFirewall2 in firewall client supporting
  only firewalld (fate#323460)
- 4.0.0