Firewall doesn't detect network interfaces unless they were previously configured with wicked

Hello.

I was planning to submit this as a bug, but I tough it would be wise to ask first:
Is this the intended behaviour of the firewall?
If no, should I report this?

Steps to reproduce
1.Fresh install of openSUSE 13.2 with Ethernet, not wifi
2.Open firewall with YaST → Interfaces (wlp3s0 is missing)
3.Network Settings → pick wicked → configure wireless interface, connecting to an available wifi spot → pick NetworkManager again
4.Open firewall with YaST → Interfaces(wlp3s0 is there now)

I am not an expert, if you need me to do something, I am gonna need a lot of hand-holding

Thanks in advance

I had that problem or one like it in my case Wicked does not work so the Net goes to NetworkManager but the interface never was set so I had to temp set things to wicked to set the interface to allow the firewall to come up then switch back to NM. So I wonder how many people are running without a firewall???

I did not notice it until I went to set up samba which would not work with the firewall down

So, yes or no?
I didn’t find anything in bugzilla.
Maybe I missed it?

I did not report it because it was a wicked failure in my case

Bug, assuming it is, submitted here

EDIT: Can this thread be closed now?

On 2015-05-03 03:56, GreenMint wrote:

> EDIT: Can this thread be closed now?

Threads are not closed on these parts :slight_smile:


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Thanks for providing the link. This enables people to add comment to the bug report.

Threads are not closed normally. People might want to add something to it. And that might be important for others, you included.

gogalthorp wrote:

>
> I had that problem or one like it in my case Wicked does not work so the
> Net goes to NetworkManager but the interface never was set so I had to
> temp set things to wicked to set the interface to allow the firewall to
> come up then switch back to NM. So I wonder how many people are running
> without a firewall???
>
> I did not notice it until I went to set up samba which would not work
> with the firewall down
>
>

Waves hand here… :frowning:

Brand spanking new Tosh lappy, completely wiped it and installed 13.2 over
the last couple of days, never thought about checking the firewall (or
should I say not got round to it yet ) after seeing this thread I just
checked and same here.

No firewall

not even set to enable

so I started it but no adapters at all, but all are working fine, no probs
at the moment as I am behind my router which is clamped pretty tight but
while I am away from that I am leeching using my phone tetherd through usb.

Thanks for pointing this out gogalthorp.

So I take it that all I need to do is cange over from NM get eth and wifi
set using wikd and then set firewall, go back to NM and all will be fine??

Bit late now to start…

Funny though never had this problem before in all the 13.2 installs just on
this new laptop

Cheers…

Mark

(as you cab see I have not even set my usual footer up yet)

:wink:

Mark Christie wrote:

> gogalthorp wrote:
>
>>
>> I had that problem or one like it in my case Wicked does not work so the
>> Net goes to NetworkManager but the interface never was set so I had to
>> temp set things to wicked to set the interface to allow the firewall to
>> come up then switch back to NM. So I wonder how many people are running
>> without a firewall???
>>
>> I did not notice it until I went to set up samba which would not work
>> with the firewall down
>>
>>
>
>
> Waves hand here… :frowning:
>
> Brand spanking new Tosh lappy, completely wiped it and installed 13.2 over
> the last couple of days, never thought about checking the firewall (or
> should I say not got round to it yet ) after seeing this thread I just
> checked and same here.
>
> No firewall
>
> not even set to enable
>

<snippity snip my drivel>

Put comment on bugzilla as well…

( I hate this keyboard, must plug a proper one in, so sensitive for my fat
fingers, took me 10 mins just to type this ) ha ha ha :slight_smile:


Mark
Nullus in verba
Caveat emptor
Nil illigitimi carborundum

Yes all should check to see if the Firewall is running. Don’t assume it is. If it is not running you get no error messages unless you try to add a port or service. or otherwise deal with it. You just don’t have any firewall protection.

Set net to wicked set the set a interface name switch back to NM enable start at boot and that should be it It needs the Interface string for the Firewall to work and it appears that if wicked fails to start no interface string is created.

gogalthorp wrote:

>
> Yes all should check to see if the Firewall is running. Don’t assume it
> is. If it is not running you get no error messages unless you try to add
> a port or service. or otherwise deal with it. You just don’t have any
> firewall protection.
>
> Set net to wicked set the set a interface name switch back to NM enable
> start at boot and that should be it It needs the Interface string for
> the Firewall to work and it appears that if wicked fails to start no
> interface string is created.
>

Cheers that is for the morning, no great problem here at the moment but will
need firewall when I go out and about, plus I don`t trust my typing on this
keyboard in the dark :slight_smile: especially after a few beers…

just catching up and having fun :slight_smile:


Mark
Nullus in verba
Caveat emptor
Nil illigitimi carborundum

Well I thought I would give it a go and Lo and behold worked perfectly.

Did not even drop off net cos I am using phone for net at the moment lol!

Thanks very muchly gogalthorp I would have probably been wandering round all week with no firewall and I do need one in some of the paces I am going.

Cheers, all the best.

Now where is the tinny of golden liquid :slight_smile:

On 2015-05-03 02:46, gogalthorp wrote:
>
> I had that problem or one like it in my case Wicked does not work so the
> Net goes to NetworkManager but the interface never was set so I had to
> temp set things to wicked to set the interface to allow the firewall to
> come up then switch back to NM. So I wonder how many people are running
> without a firewall???
>
> I did not notice it until I went to set up samba which would not work
> with the firewall down

I just noticed a mail on the factory mail list, from whom I think may be
a wicked maintainer:

|> Another frequent source of problems is default requirement to wait for
|> device’s link to be present. This can be avoided by adding extra
|> LINK_REQUIRED=no into the ifcfg file of a given interface (more can be
|> found in man ifcfg(5)).

Subject «network breakdowns in TW (was: Road-map for…)»

(I don’t have a link, but if somebody needs it and can’t find it, I’ll
search it).


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

My method works to get the Firewall back but and it would be nice if my chip set worked with wicked but the problem is that the firewall fails without any notice to the user. SoI’m sure we have people out there that don’t even know that the firewall is not running. I did not until about a week after the install when I set up samba

With all this talk about “checking if the firewall is running”, you got me worried.
I only wanted the wifi interface to show up. I assumed that the firewall was running for ethernet (and now wifi)

So, how do I check if the firewall is running? iptables -L, maybe?

Carlos E. R. wrote:

> On 2015-05-03 02:46, gogalthorp wrote:
>>
>> I had that problem or one like it in my case Wicked does not work so the
>> Net goes to NetworkManager but the interface never was set so I had to
>> temp set things to wicked to set the interface to allow the firewall to
>> come up then switch back to NM. So I wonder how many people are running
>> without a firewall???
>>
>> I did not notice it until I went to set up samba which would not work
>> with the firewall down
>
> I just noticed a mail on the factory mail list, from whom I think may be
> a wicked maintainer:
>
>
> |> Another frequent source of problems is default requirement to wait for
> |> device’s link to be present. This can be avoided by adding extra
> |> LINK_REQUIRED=no into the ifcfg file of a given interface (more can be
> |> found in man ifcfg(5)).
>
> Subject «network breakdowns in TW (was: Road-map for…)»
>
> (I don’t have a link, but if somebody needs it and can’t find it, I’ll
> search it).
>
>

Thanks for that Carlos,

However ( and this is not a slight on the maintainer ) but surely this
should have been noticed in testing, I know I have been off the scene for a
bit but it even caught me out as I am so used to it being “automagically”
being set.

Which as I said in one post has had me wandering round for 3/4 days with no
firewall, bad show I am afraid :wink:

Cheer


Mark
Nullus in verba
Caveat emptor
Nil illigitimi carborundum

On 2015-05-05 19:45, Baskitcaise wrote:
> Carlos E. R. wrote:

> However ( and this is not a slight on the maintainer ) but surely this
> should have been noticed in testing, I know I have been off the scene for a
> bit but it even caught me out as I am so used to it being “automagically”
> being set.
>
> Which as I said in one post has had me wandering round for 3/4 days with no
> firewall, bad show I am afraid :wink:

Well, wicked is one of the things that made me decide not to upgrade to
13.2 (and not because of this particular issue). You know that in Linux
things are really tested only after released in the stable release… :wink:

And be aware, that they are about to change it again. There is a new
service in systemd to handle network natively.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Carlos E. R. wrote:

> Well, wicked is one of the things that made me decide not to upgrade to
> 13.2 (and not because of this particular issue). You know that in Linux
> things are really tested only after released in the stable release… :wink:
>
> And be aware, that they are about to change it again. There is a new
> service in systemd to handle network natively.
>

Oh dear I am “SO” looking forward to that (tongue placed firmly in cheek)

Cheers.


Mark
Nullus in verba
Caveat emptor
Nil illigitimi carborundum

GreenMint wrote:

>
> With all this talk about “checking if the firewall is running”, you got
> me worried.
> I only wanted the wifi interface to show up. I assumed that the firewall
> was running for ethernet (and now wifi)
>
> So, how do I check if the firewall is running? iptables -L, maybe?
>
>

code:
/usr/sbin/rcSuSEfirewall2 status
/code

On 2015-05-06 09:49, graham wrote:
> GreenMint wrote:
>
>> So, how do I check if the firewall is running? iptables -L, maybe?

> code:
> /usr/sbin/rcSuSEfirewall2 status
> /code

No need for the path - assuming you ‘su -’ first:


SuSEfirewall2 status
or
rcSuSEfirewall2 status

The first one gives the iptables output.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))