Hoping someone can point a relative novice in the right direction.
Upgraded from SuSE 11.2 to Leap 15.
Running: Apache2, Ssh and samba
Apache2 web server listening on ports 80 & 443 and websites are SSL certified using Let’s Encrypt
Ssh is used mainly from within the LAN but on a rare occasion remotely too.
Samba is being used so that MS windows Laptops and Desktops within the LAN and via a VPN (VPN configured and maintained by two Draytek Routers) can access files on the server by mapping a network drive.
All’s working well.
Having completed this I now want to get the SuSEfirewall up and running too and this is where I’m having problems.
It’s installed and I can start and stop it etc. I gather that the main configuration file is found at: /etc/sysconfig/SuSEfirewall2 and I’ve used the file at /etc/sysconfig/scripts/SuSEfirewall2-custom for blocking persistent ip addresses from accessing the server on my old box.
When I start the service by default ALL access to the server is blocked.
Having looked at the main config file it’s huge and I’m lost as to what to edit and or add to it.
Can somebody please help me open up access from my LAN and VPN and open up access to my Web Server and SSH from the WAN as i haven’t got a clue where to start.
Googling the problem only confuses the issue further.
As Henk mentioned, openSUSE has moved to using firewalld as the default firewall, and this is mentioned in the openSUSE Leap 15.0 release notes.
Having said that, for those that have upgraded from earlier versions, there may be a requirement to continue using SuSEfirewall2 for the immediate future, so that is still possible.
The status of either firewall framework can be checked with
sudo systemctl status SuSEfirewall2
sudo systemctl status firewalld
and of course both should not be active at the same time.
Firewalld does not currently have a YaST module for configuration, but there is both a CLI (firewall-cmd) and a GUI interface (firewall-config) available for it, and it is the latter that is called via YaST > Firewall.
It’s been awhile since I’ve upgraded a machine to LEAP15, but IIRC upgrades retain SuSEfirewall2.
For upgraders, you can choose to keep SuSEfirewall2 or modify to use firewalld, I don’t know that choosing either makes much of difference today.
If you’d like to keep using SuSEfirewall2, you might check whether the service is just not running, you can verify its state by running the following (Note the Camerl case)
systemctl status SuSEfirewall2
You may also have problems with your upgrade, I haven’t had too many successes jumping directly from a much older version of openSUSE without going through each intermediate version. You might want to make contingency plans in case you begin to see things don’t work as well as they’re supposed to.