text yast firewall config

I was holding off on deploying a few servers until 15.0 came out. I was going through my first 15.0 install (server mode / ssh) and got to the firewall configuration and received the message telling me yast has no firewall module and to please use firewall-config or firewall-cmd. zypper shows yast2-firewall is installed but SuSEfirewall2 is not. Before I tried to force the issue I figured I would ask if there’s been a change to how network / firewalls should be administered in this version.

If I read the documentation correctly 1.4.3.7 says this should work:
https://doc.opensuse.org/documentation/leap/reference/book.opensuse.reference_color_en.pdf

Since the transition from ifconfig to ip address I’m not assuming anything anymore. :slight_smile:

Any pointers in the right direction appreciated. Thank you.

Checked just now.
Although the graphical “yast2 firewall” forwards to firewall-config to configure firewalld,
There is no similar forwarding in text mode (at least as of today).
You will need to invoke “firewall-cmd” directly.

You can read the firewall-cmd MAN pages or view the help… which is very, very long…

firewall-cmd --help

If you feel more comfortable with the graphical ncurses text interface for SuSEFW2 and it supports what you want to do, I’m not aware that there should be any problem using it… After all, these or any other firewall management tool is just managing IP tables under the surface and AFAIK nothing SuSEFW2 configures is obviously faulty.

HTH,
TSU

Yes, there’s been a move to using firewalld as SuSEfirewall2 has been deprecated. However, it’s still available if desired.
https://en.opensuse.org/Firewalld

systemctl enable firewalld
systemctl start firewalld

then either use the graphical UI (firewall-config) via YaST, or the CLI tool ‘firewall-cmd’.

A graphical guide…
http://www.firewalld.org/documentation/utilities/firewall-config.html

The man pages

man firewalld
man firewall-config
man firewall-cmd

Thank you, your reply came right as I was completing a 15.0 install in my home lab. That is a pretty hefty man-page however a quick search for firewall-cmd tutorials got me zones and ssh setup in < 10 minutes so it’s not so bad. I hope text yast2 firewall returns soon.

For anybody else

firewall-cmd --get-active-zones
firewall-cmd --zone=public --add-port=22/tcp --permanent

and then a reload got me what I needed.

I doubt that we’ll see a YaST-specific GUI. In any case the graphical ‘firewall-config’ utility fulfils this purpose for those that prefer such tools.

This would be a pity. Text yast config and autoyast are THE reason I’ve pushed OpenSuSE as the standard in our enterprise. It’s the only way I’ve ever seen 2+ different admins ssh into a server and arrive at the same config without copy/pasting which does wonders for standardization. I do hope firewalld gets at least a basic text interface.

Is there a guide someplace for text yast plugin dev?

Here you go…
http://yast.opensuse.org/documentation
http://yast.opensuse.org/modules

As of today,
No matter what the documentation says,
yast (not the graphical yast2) firewall does not forward to anything that works, the result is an error.

And,
IMO firewall-cmd is pretty intimidating the first time it’s launched compared to SuSEFW2 in ncurses mode. SuSEFW2 may be simplistic but that was part of its usability to support most common needs. It wouldn’t win many awards for supporting complexity, but it was easy to use. The initial bar for usability has been raised considerably with firewall-cmd.

That said, I can appreciate features firewalld has that don’t exist in SuSEFW2.

TSU

That’s why the OP was asking about yast development…

Is there a guide someplace for text yast plugin dev?

FWIW, Red Hat (and Fedora) have the system-config-firewall-tui (ncurses utility) for firewalld configuration. It would probably represent the easiest way to provide such an interface…

https://www.techrepublic.com/article/how-to-easily-manage-centos-firewalld-with-an-ncurses-tool/

So far I have two solutions for server setups without GUI:

  1. completely deinstall the firewall (easy and works 100%)
  2. delve into the depths of the new system and try to manage the system with the new tools (hard and will require lots of effeort to get it working right)

Those days new systems are introduced without having a working replacement for previous usable features; sad.

So long,
Marc

No, Firewall-config does not fulfill the gap missing from the text base Yast configuration. Yast allows the IT generalist to simply configure the firewall on servers with no GUI. This requires little to no training for opening simple ports, and all other management of the openSUSE server is easily managed in Yast. the Firewall-cmd is **** for nerds. And now the IT generalist would have a different workflow to manage the server, which is stupid. Yast should be the management point for the firewall and should support the text mode, Yast is what makes openSUSE better than other distributions and makes it easy to have administrators that are not Linux GURU’s manage basic management tasks.

While I largely agree,
I also can see some capability in firewalld that doesn’t exist in SuSEFW2.

But,
(whispering)
It’s possible at least in current LEAP to uninstall firewalld and re-install the SuSEFW2 that’s existed in all previous versions of openSUSE, along with its ncurses mode for systems without graphical Desktops.

TSU