Update after kernel 14.11.1 killed firewall in YaST

suse_rasputin · January 25, 2018, 8:11pm

Hi!

Several machines, all TW 64bit KDE, most plain vanilla re Repos. I wanted to access the firewall (which I configured appropriately after installing TW, the news machine I set up is from 09-JAN-2018), but to my surprise I get the message:

These packages need to be installed:

firewall-config

OK, I did that (on all machines), but afterwards from the Firewall in Yast a new window opens (greyed out, but looking totally different than Firewall before looked…), with a small window:

Trying to connect to firewalld, waiting…

which has a “Quit” button and never finishes with waiting.

Updating to the latest TW doesn’t help.

So apparently the firewall is gone, not running, not reachable to YaST on all TW, except for one install with kernel 14.11.1, which still has the old (functional) Firewall section in YaST.

Any ideas?

wolfi323 · January 25, 2018, 8:16pm

This is unrelated to the kernel.
Tumbleweed switched from SuSEFirewall2 to firewalld.

Make sure that the firewalld.service is enabled, and configure it appropriately.
Probably best to uninstall SuSEFirewall2 though, or both may be running…

See also https://forums.opensuse.org/showthread.php/529169-yast2-firewall-launches-firewalld-GUI-since-most-recent-dup

suse_rasputin · January 25, 2018, 8:37pm

No way to use the old one and kick off the fwd stuff (which is still version 0.x) for now?

wolfi323 · January 25, 2018, 8:51pm

Sure, should be possible, I suppose.
Enable SuSEfirewall2.service then and make sure firewalld.service is disabled (or uninstall it).

You won’t be able to configure it via YaST though, which currently just runs firewalld’s config utility.
You’d need to edit /etc/sysconfig/SuSEfirewall2 by hand (either with a text editor or with YaST->System->/etc/sysconfig editor).

Both are just “frontends” to the kernel’s iptables though, so the 0.x version number should not matter anyway (and firewalld is already used for a while in other distributions).

suse_rasputin · January 25, 2018, 8:54pm

…if I see it correctly in Services Manager, the Susefirewall2 is active and running, I just can’t reach it via YaST? Is that correct?

PS: Saw your latest post just after posting. So I have the same firewall up and running, as long as I don’t want to edit the config I’m just fine.

Good to know, otherwise I would have to spend half the night configuring firewalls. So I can move one after the other…