Firewalld rules not showing in iptables

Hello,

I’ve installed OpenSUSE 15.3 and updated to the latest. I set up the firewall using “sudo yast” to open some TCP ports and it works well, but I find these TCP rules are not showing in “sudo iptables -S”.

See below:


# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services:
  ports: 22/tcp 8080-9999/tcp 8080-9999/udp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


# iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

Has anyone met the same problem? Has OpenSUSE 15.3 abandoned “iptables”? Thank you.

Firewalld changed its default backend to nftables, and openSUSE does not enforce iptables.

Hello,
Does somebody know why some onglets (like ports, ipAdress, ipset…) are missing in Leap 15.2? I have only services and ports displayed.
Thanks

Presuming that you mean the GUI called by “firewall-config” and that by “onglet” you mean “Tab” –

  • Could it be that you need to resize – enlarge – the “firewall-config” GUI window?
  • What happens when you “mouse-over” the right-hand edge of the window and click-pull that edge to the right?

Go to “what is correct way to setup firewall rules?”
https://forums.opensuse.org/showthread.php/561560-what-is-correct-way-to-setup-firewall-rules

Or you can just switch back to iptables by editing /etc/firewalld/firewalld.conf and changing **FirewallBackend=nftables** to **FirewallBackend=iptables** and issuing systemctl restart firewalld
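
A small check for the situation in this thread, as an added example that is not part of any post above: it reads FirewallBackend from firewalld.conf and prints the command that lists the rules firewalld actually installed. The function names are hypothetical, and the `inet firewalld` table name and the choice to take the last uncommented assignment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find out which backend firewalld is
# configured to use, and therefore which tool will show its rules.

# firewalld_backend [conf-path]  (hypothetical helper name)
# Prints the configured FirewallBackend value. Commented-out lines are
# ignored; if the key is absent, nftables is assumed, which is the default
# mentioned in the thread.
firewalld_backend() {
    conf="${1:-/etc/firewalld/firewalld.conf}"
    backend=""
    if [ -r "$conf" ]; then
        # Assumption: when the key appears more than once, use the last one.
        backend=$(sed -n \
            's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
            "$conf" | tail -n 1)
    fi
    printf '%s\n' "${backend:-nftables}"
}

# rule_listing_command [conf-path]  (hypothetical helper name)
# Prints the command that lists the rules for the configured backend.
rule_listing_command() {
    case "$(firewalld_backend "$1")" in
        # Assumption: firewalld keeps its nftables rules in "inet firewalld".
        nftables) echo "nft list table inet firewalld" ;;
        iptables) echo "iptables -S" ;;
        *)        echo "unknown backend"; return 1 ;;
    esac
}

# Constructed sample config so the example runs on any machine.
sample=$(mktemp)
printf '%s\n' 'DefaultZone=public' \
              '#FirewallBackend=iptables' \
              'FirewallBackend=nftables' > "$sample"
echo "backend:      $(firewalld_backend "$sample")"
echo "inspect with: $(rule_listing_command "$sample")"
rm -f "$sample"
```

Called without an argument, both functions read /etc/firewalld/firewalld.conf; the printed command needs root to run.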