jcdole
November 19, 2021, 8:21pm
#1
Hello.
Step 1: clean install of Leap 15.3 on a 15.2 computer, with format of the system partitions. Network is configured to use NetworkManager.
Step 2 : Change the name of the Ethernet interface from eth0 to MACHINENAME_eth0
What interface name should I read in the firewalld configuration ?
If it is not the interface name of the configured one in NetworkManager, should I change the name of the Ethernet interface in firewalld myself?
Any help is welcome
jcdole
November 21, 2021, 4:18pm
#2
ip a shows:
**:~ #** ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: G731GV_eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 04:d4:c4:7a:f1:e6 brd ff:ff:ff:ff:ff:ff
altname eno2
altname enp3s0
inet 192.168.130.60/24 brd 192.168.130.255 scope global dynamic noprefixroute G731GV_eth0
valid_lft 81560sec preferred_lft 81560sec
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether d4:d2:52:a4:6f:50 brd ff:ff:ff:ff:ff:ff
altname wlo1
altname wlp0s20f3
4: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:0e:c6:b9:7f:7a brd ff:ff:ff:ff:ff:ff
altname enp0s20f0u1u1
nmcli shows:
**:~ #** nmcli d s
DEVICE TYPE STATE CONNECTION
G731GV_eth0 ethernet connected CON0_ETH0_G731GV
wlan0 wifi disconnected --
p2p-dev-wlan0 wifi-p2p disconnected --
eth1 ethernet unavailable --
lo loopback unmanaged --
ls /sys/class/net shows:
**:~ #** ls /sys/class/net
eth1 G731GV_eth0 lo wlan0
firewall-cmd shows:
**:~ #** firewall-cmd --list-interfaces
eth0 G731GV_eth0
firewall-cmd shows:
**:~ #** firewall-cmd --list-all --zone=external
external (active)
target: default
icmp-block-inversion: no
interfaces: G731GV_eth0 eth0
sources:
services: ssh
ports: 11945/tcp 12945/tcp 13945/tcp
protocols:
forward: no
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
The firewall GUI shows:
Picture 1 : https://paste.opensuse.org/456425
Picture 2 : https://paste.opensuse.org/38566592
Any help is welcome
jcdole:
Hello.
Step 1: clean install of Leap 15.3 on a 15.2 computer, with format of the system partitions. Network is configured to use NetworkManager.
Step 2 : Change the name of the Ethernet interface from eth0 to MACHINENAME_eth0
What interface name should I read in the firewalld configuration ?
If it is not the interface name of the configured one in NetworkManager, should I change the name of the Ethernet interface in firewalld myself?
Any help is welcome
I am happy with eth0 and wlan0:
**i3-4130:~ #** networkctl
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 eth0 ether off unmanaged
3 wlan0 wlan routable configured
3 links listed.
**i3-4130:~ #**
Change made in grub:
**i3-4130:~ #** grep net.ifnames=0 /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet plymouth.enable=0 **net.ifnames=0** mitigations=auto"
**i3-4130:~ #**
Both devices are managed by systemd-networkd: https://en.opensuse.org/Network_Management_With_Systemd
Network issues are virtually gone since switching in March 2019.
jcdole
November 25, 2021, 1:56pm
#5
arvidjaar:
And your question is … ?
Why does firewall-cmd show two device names and not only the new device names fixed with nmcli commands?
**:~ #** firewall-cmd --list-interfaces
eth0 G731GV_eth0
Why does yast2 firewalld show the old device name and not only the new device names fixed with nmcli commands?
Picture 1 : https://paste.opensuse.org/456425
Picture 2 : https://paste.opensuse.org/38566592
It shows your static configuration, which defines that zone external is assigned to interface eth0. It is irrelevant whether this interface actually exists in the system. When it becomes available it will be using rules from zone “external”. It is also irrelevant whether this interface was renamed at run time - it does not change static permanent configuration.
jcdole
November 25, 2021, 7:05pm
#8
arvidjaar:
It shows your static configuration, which defines that zone external is assigned to interface eth0. It is irrelevant whether this interface actually exists in the system. When it becomes available it will be using rules from zone “external”. It is also irrelevant whether this interface was renamed at run time - it does not change static permanent configuration.
Changes are permanent.
#
#####################################
# #
# ¤/etc/udev/rules.d/99-my-net.rules¤
# #
#####################################
#
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="04:d4:c4:7a:f1:e6", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="G731GV_eth0"
Is firewalld protecting a zone with an interface that does not exist?
From the firewalld YaST config:
Interface , eth0 , external
and
zones , external , eth0 , default
Nothing alerts me, when I change the device name or at each boot, that the firewalld config is inconsistent.
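The consistency check the last post says is missing, as an added example that is not part of the original thread and is not firewalld or YaST code: it compares the interface names bound to firewalld zones with the names the kernel actually has. The function names are hypothetical, and the sample lists are constructed from the `firewall-cmd --list-interfaces` and `ls /sys/class/net` output posted above.

```bash
#!/bin/bash
# Added example (not from the thread): find firewalld zone bindings that
# point at interface names the kernel no longer has.

# Print the names in list $1 that are absent from list $2.
# Whole-name match, so "eth0" is not found inside "G731GV_eth0".
missing_from() {
    local name out="" have
    have=" $(printf '%s ' $2)"      # normalise any whitespace to single spaces
    for name in $1; do
        case "$have" in
            *" $name "*) ;;
            *) out="${out:+$out }$name" ;;
        esac
    done
    printf '%s\n' "$out"
}

# $1 = interfaces bound to firewalld zones, $2 = interfaces in /sys/class/net
stale_bindings() { missing_from "$1" "$2"; }

# Existing interfaces with no zone binding (lo is skipped by choice here).
unbound_interfaces() { missing_from "$(missing_from "$2" "lo")" "$1"; }

report() {
    local stale unbound
    stale=$(stale_bindings "$1" "$2")
    unbound=$(unbound_interfaces "$1" "$2")
    [ -n "$stale" ] && echo "WARN zone binding for missing interface(s): $stale"
    [ -n "$unbound" ] && echo "INFO no explicit zone (default zone applies): $unbound"
    return 0
}

if [ "${1:-}" = "live" ]; then
    # Real system: collect runtime bindings from every zone, names from sysfs.
    # Add --permanent to both firewall-cmd calls to audit the stored config.
    fw=""
    for z in $(firewall-cmd --get-zones); do
        fw="$fw $(firewall-cmd --zone="$z" --list-interfaces)"
    done
    report "$fw" "$(ls /sys/class/net)"
else
    # Constructed sample: the two lists as posted in this thread.
    report "eth0 G731GV_eth0" "eth1 G731GV_eth0 lo wlan0"
fi
```

Run with the argument `live` on the machine itself; a stale binding such as `eth0` can then be dropped with `firewall-cmd --permanent --zone=external --remove-interface=eth0` followed by `firewall-cmd --reload`.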