Hoping someone can point a relative novice in the right direction.
Upgraded from SuSE 11.2 to Leap 15.
Running: Apache2, SSH and Samba
Apache2 web server listening on ports 80 & 443 and websites are SSL certified using Let’s Encrypt
SSH is used mainly from within the LAN but on a rare occasion remotely too.
Samba is being used so that MS windows Laptops and Desktops within the LAN and via a VPN (VPN configured and maintained by two Draytek Routers) can access files on the server by mapping a network drive.
All’s working well.
Having completed this I now want to get the SuSEfirewall up and running too and this is where I’m having problems.
It’s installed and I can start and stop it etc. I gather that the main configuration file is found at: /etc/sysconfig/SuSEfirewall2 and I’ve used the file at /etc/sysconfig/scripts/SuSEfirewall2-custom for blocking persistent ip addresses from accessing the server on my old box.
When I start the service by default ALL access to the server is blocked.
Having looked at the main config file, it’s huge and I’m lost as to what to edit and/or add to it.
Can somebody please help me open up access from my LAN and VPN and open up access to my Web Server and SSH from the WAN, as I haven’t got a clue where to start.
Googling the problem only confuses the issue further.
Had a quick look and again by default all services are blocked and I’m at the mo completely stuck about how to start with this, so I’ll try after tea later.
As Henk mentioned, openSUSE has moved to using firewalld as the default firewall, and this is mentioned in the openSUSE Leap 15.0 release notes.
Having said that, for those that have upgraded from earlier versions, there may be a requirement to continue using SuSEfirewall2 for the immediate future, so that is still possible.
The status of either firewall framework can be checked with
sudo systemctl status SuSEfirewall2
sudo systemctl status firewalld
and of course both should not be active at the same time.
Firewalld does not currently have a YaST module for configuration, but there is both a CLI (firewall-cmd) and a GUI interface (firewall-config) available for it, and it is the latter that is called via YaST > Firewall.
As you can see on almost every page on these forums and on other openSUSE websites, making an extra camel-hump inside openSUSE is not as it is spelled (already for many, many years, even during 11.2).
This may be a minor remark (and it is, we will try to help you nevertheless), but it is as irritating as it is for everybody who sees her/his name misspelled.
It’s been a while since I’ve upgraded a machine to LEAP15, but IIRC upgrades retain SuSEfirewall2.
For upgraders, you can choose to keep SuSEfirewall2 or modify to use firewalld, I don’t know that choosing either makes much of a difference today.
If you’d like to keep using SuSEfirewall2, you might check whether the service is just not running, you can verify its state by running the following (note the camel case)
systemctl status SuSEfirewall2
You may also have problems with your upgrade, I haven’t had too many successes jumping directly from a much older version of openSUSE without going through each intermediate version. You might want to make contingency plans in case you begin to see things don’t work as well as they’re supposed to.
I do like to back up config files periodically and firewalld.conf has now been added to my list of files to back up, but where are blocked IP addresses stored?
This will allow me to back up this file too. I’m asking because the SUSEfirewall2 stored this data in a custom config file and therefore I’m assuming that this firewall does the same.
Having used the command: firewall-cmd --permanent --zone=trusted --add-rich-rule="rule family=ipv4 source address=115.44.0.0/16 reject" for example and restarted firewalld.
Then offered the command: firewall-cmd --list-all
my rule is listed and is working ok.
No such entries appear in the config file /etc/firewalld/firewalld.conf
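Where the rich rule from the post above ends up on disk, as an added example that is not part of the original thread: firewalld writes --permanent zone changes to /etc/firewalld/zones/<zone>.xml rather than to firewalld.conf, and the code below lists the reject/drop rich rules found in those files. The function names and the sample XML are constructed for illustration.

```python
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample of /etc/firewalld/zones/trusted.xml after the thread's command.
SAMPLE_TRUSTED_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <rule family="ipv4">
    <source address="115.44.0.0/16"/>
    <reject/>
  </rule>
  <rule family="ipv4">
    <source address="192.0.2.10"/>
    <accept/>
  </rule>
</zone>
"""

def blocked_sources(zones_dir):
    """Return (zone, family, source, action) for every reject/drop rich rule."""
    found = []
    for zone_file in sorted(Path(zones_dir).glob("*.xml")):
        try:
            root = ET.parse(str(zone_file)).getroot()
        except ET.ParseError as err:
            print(f"skipping {zone_file}: {err}", file=sys.stderr)
            continue
        for rule in root.findall("rule"):
            source = rule.find("source")
            action = next((a for a in ("reject", "drop") if rule.find(a) is not None), None)
            if source is None or action is None:
                continue  # not a source-based block (e.g. an accept or service rule)
            # A rich-rule source is an address/CIDR, a MAC address or an ipset name.
            target = source.get("address") or source.get("mac") or source.get("ipset") or "?"
            if source.get("invert", "").lower() in ("true", "yes"):
                target = "not " + target
            found.append((zone_file.stem, rule.get("family", "any"), target, action))
    return found

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "trusted.xml").write_text(SAMPLE_TRUSTED_XML, encoding="utf-8")
        return blocked_sources(tmp)

if __name__ == "__main__":
    rows = blocked_sources(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for row in rows:
        print("\t".join(row))
```

Run it as root with /etc/firewalld/zones as the argument to list the live rules; with no argument it parses the constructed sample. Backing up the whole /etc/firewalld directory captures these zone files along with firewalld.conf.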