I was holding off on deploying a few servers until 15.0 came out. I was going through my first 15.0 install (server mode / ssh) and got to the firewall configuration and received the message telling me yast has no firewall module and to please use firewall-config or firewall-cmd. zypper shows yast2-firewall is installed but SuSEfirewall2 is not. Before I tried to force the issue I figured I would ask if there’s been a change to how network / firewalls should be administered in this version.
Checked just now.
Although the graphical “yast2 firewall” forwards to firewall-config to configure firewalld,
There is no similar forwarding in text mode (at least as of today).
You will need to invoke “firewall-cmd” directly.
You can read the firewall-cmd MAN pages or view the help… which is very, very long…
firewall-cmd --help
If you feel more comfortable with the graphical ncurses text interface for SuSEFW2 and it supports what you want to do, I’m not aware that there should be any problem using it… After all, these or any other firewall management tool is just managing IP tables under the surface and AFAIK nothing SuSEFW2 configures is obviously faulty.
Yes, there’s been a move to using firewalld as SuSEfirewall2 has been deprecated. However, it’s still available if desired. https://en.opensuse.org/Firewalld
systemctl enable firewalld
systemctl start firewalld
then either use the graphical UI (firewall-config) via YaST, or the CLI tool ‘firewall-cmd’.
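The steps from the reply above as a script for a server reached over ssh. This is an added example, not part of the original thread; the zone name `public` and the port `8443/tcp` are assumptions. By default it is a dry run that only prints the commands, and it allows ssh in the zone before making that zone the default.

```sh
#!/bin/sh
# Added example: baseline firewalld setup for a headless server with firewall-cmd.
# DRY_RUN=1 (default) only prints each command; run with DRY_RUN=0 as root to apply.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Open a predefined firewalld service (such as ssh) in a zone.
# --permanent writes to the stored configuration only; the rule reaches the
# running firewall at the next --reload.
allow_service() {   # usage: allow_service ZONE SERVICE
    run firewall-cmd --permanent --zone="$1" --add-service="$2"
}

# Open a raw port for software that has no predefined service.
allow_port() {      # usage: allow_port ZONE PORT/PROTO
    run firewall-cmd --permanent --zone="$1" --add-port="$2"
}

setup_firewall() {  # usage: setup_firewall ZONE [PORT/PROTO ...]
    zone="$1"; shift
    run systemctl enable firewalld
    run systemctl start firewalld
    # Allow ssh in the target zone first, so that switching zones below
    # does not lock out the remote session used to run this script.
    allow_service "$zone" ssh
    for p in "$@"; do
        allow_port "$zone" "$p"
    done
    # Load the permanent rules into the running firewall.
    run firewall-cmd --reload
    # --set-default-zone changes the runtime and permanent configuration at once.
    run firewall-cmd --set-default-zone="$zone"
    # Review what the zone now allows (interfaces, services, ports).
    run firewall-cmd --zone="$zone" --list-all
}

# Zone and port are illustrative assumptions, not values from the thread.
setup_firewall public 8443/tcp
```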
Thank you, your reply came right as I was completing a 15.0 install in my home lab. That is a pretty hefty man page; however, a quick search for firewall-cmd tutorials got me zones and ssh setup in < 10 minutes, so it’s not so bad. I hope text yast2 firewall returns soon.
This would be a pity. Text yast config and autoyast are THE reason I’ve pushed OpenSuSE as the standard in our enterprise. It’s the only way I’ve ever seen 2+ different admins ssh into a server and arrive at the same config without copy/pasting, which does wonders for standardization. I do hope firewalld gets at least a basic text interface.
Is there a guide someplace for text yast plugin dev?
As of today,
No matter what the documentation says,
yast (not the graphical yast2) firewall does not forward to anything that works, the result is an error.
And,
IMO firewall-cmd is pretty intimidating the first time it’s launched compared to SuSEFW2 in ncurses mode. SuSEFW2 may be simplistic but that was part of its usability to support most common needs. It wouldn’t win many awards for supporting complexity, but it was easy to use. The initial bar for usability has been raised considerably with firewall-cmd.
That said, I can appreciate features firewalld has that don’t exist in SuSEFW2.
FWIW, Red Hat (and Fedora) have the system-config-firewall-tui (ncurses utility) for firewalld configuration. It would probably represent the easiest way to provide such an interface…
So far I have two solutions for server setups without GUI:
completely deinstall the firewall (easy and works 100%)
delve into the depths of the new system and try to manage the system with the new tools (hard and will require lots of effort to get it working right)
These days new systems are introduced without having a working replacement for previous usable features; sad.
No, Firewall-config does not fulfill the gap missing from the text-based Yast configuration. Yast allows the IT generalist to simply configure the firewall on servers with no GUI. This requires little to no training for opening simple ports, and all other management of the openSUSE server is easily managed in Yast. The Firewall-cmd is **** for nerds. And now the IT generalist would have a different workflow to manage the server, which is stupid. Yast should be the management point for the firewall and should support the text mode. Yast is what makes openSUSE better than other distributions and makes it easy to have administrators that are not Linux gurus manage basic management tasks.
While I largely agree,
I also can see some capability in firewalld that doesn’t exist in SuSEFW2.
But,
(whispering)
It’s possible at least in current LEAP to uninstall firewalld and re-install the SuSEFW2 that’s existed in all previous versions of openSUSE, along with its ncurses mode for systems without graphical Desktops.