Firewall - looking like a crazy machine

After an upgrade the NFS connections are no longer working.
Apparently there were changes in the firewall.
The current firewall is absolutely difficult to understand
I do not even know where to turn it off.
There is the dropDown with the “Runtime” and “Permanent” options … What are they for?
There is a window on the left with “block, dmz, drop, external … work” options, how to configure?
In the center of the screen there are 10 titles to choose from … which one do I choose?
For each title you have several options … which ones do I choose?
Please, could someone tell me which points I should configure and how do I do this?

This is looking like a crazy machine
Please … what should I do … at least to turn off Firewall because I need to work

I can tell you what I did.

NFS did not work, so I turned off the firewall. To do that, I used
Yast → System → Services Manager
and scrolled down to the line “firewalld”. Then I toggled both “Active” and “Enable” to turn off the firewall.

After that, NFS worked. And I should be clear that this change was on the server. I did not need to do anything on the NFS clients.

After that, I tried to work out how to get it working with the firewall running.

In the firewall configuration tool (started from Yast), I eventually did:

check the boxes for “mountd”, “nfs” and “nfs3”. Maybe I also had to check “rpc-bind” (I don’t remember if that was already checked). And then I found out about the Runtime and “Permanent”, so I switched to Permanent and checked those boxes again.

So now firewalld is running and NFS works. (Yes, I did use services manager to turn it on again).

But in what area did you make the changes? block, dmz, drop, external, home, internal, public, trusted, work …?
Is there no button to save the setting?

I wasn’t sure about those, so I didn’t touch them. I just went with the default, which I think was “external”.

Is there no button to save the setting?

I looked for a save button, but could not find one. Apparently it is saved automatically.

The default is “Public”. But they are just labels and only have any significance if you have multiple network interfaces and want to give them different rulesets.

I looked for a save button, but could not find one. Apparently it is saved automatically.

The changes are made instantly to the running firewall rules. There is an option to make them permanent, when they are saved in an xml file.
When configuring servers I found it easier to use text editor scripts on e.g. /etc/firewalld/zones/public.xml than using firewall-cmd.
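As an added illustration (not part of any post in this thread): a small Python check that reads a permanent zone file such as /etc/firewalld/zones/public.xml and lists which of the NFS-related services named above are still missing, plus the `firewall-cmd` calls that would add them. The sample XML is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Service names taken from the thread (the boxes checked in the YaST firewall tool).
NFS_SERVICES = ("mountd", "nfs", "nfs3", "rpc-bind")

# Constructed sample of a permanent zone file; a real one lives at
# /etc/firewalld/zones/<zone>.xml once a permanent change has been made.
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="nfs"/>
</zone>
"""


def enabled_services(zone_xml):
    """Return the set of service names enabled in a firewalld zone document."""
    root = ET.fromstring(zone_xml)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file")
    return {s.get("name") for s in root.findall("service") if s.get("name")}


def missing_nfs_services(zone_xml, required=NFS_SERVICES):
    """List required NFS services that the permanent zone config does not allow."""
    enabled = enabled_services(zone_xml)
    return [name for name in required if name not in enabled]


def fix_commands(zone_xml, zone="public"):
    """Build the firewall-cmd calls that add the missing services permanently."""
    cmds = [
        f"firewall-cmd --permanent --zone={zone} --add-service={name}"
        for name in missing_nfs_services(zone_xml)
    ]
    if cmds:
        # --permanent only writes the XML; --reload applies it to the runtime rules.
        cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    for line in fix_commands(SAMPLE_ZONE_XML):
        print(line)
```

The script only prints the commands; run them as root on the NFS server, which keeps firewalld active with just the needed services open.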

After turning off the firewall, I received more of this “news”


sergio@audio:~> mount /mnt/asus
mount.nfs: requested NFS version or transport protocol is not supported

The two machines have the same Leap 15
What could be wrong?

I’m not sure. I just set up my NFS server to support both nfs3 and nfs4. I haven’t looked into what the clients really need. But I’m guessing that I’m only using nfs3, because I think nfs4 needs kerberos or similar authentication and I have not set that up.

This machine is also a client of a server that I have not updated for more than ten years … and the nfs connection works.
So I can say that the problem is on the new server on the Leap machine 15?
Is there any way to install an older nfs server in Leap 15?

The message below appears when I try to configure the server:

some firewalld services are not available:
-nfs-kernel-server (Not available)
These services must be defined in order to configure the firewall

How do I fix it?

I installed “nfs-kernel-server” and “yast2-nfs-server”. I installed those as part of my original install. Everything else needed was already selected for install.

This is the most insane and idiotic UI that I have seen for ages!

How does one get out of this BS by aborting, i.e. by cancelling the changes made (for test f.e.)?!

The “Quit” menu item obviously REALLY means “Save and quit”.

Sick, sick, sick!

It seems that you are frustrated by something. Please take into account

  • that all here are openSUSE users like you that spend some spare time as volunteers to help other users;
  • that posting at the end of an old thread is not the way to draw attention to your problem, not many people will look at old threads, but many will look at new threads with a title that fits with their knowledge to help;
  • it may be better in this case that not many will see it, because it contains almost no precise information on what you did and where exactly;
  • expressing frustration will shy people away from what should be a technical discussion and is thus counterproductive when you want help;
  • and last but not least, I get the idea that you are very much near the boundaries of what is allowed in our T&C.

So please, start a new thread with a good title and better information about your problem/question.