WWAN and SUSEfirewall2

I’ve got a laptop with an umts module. I opened the Yast firewall module, it had “wlan0”, “eth0” as interfaces, but not “wwan0” So I changed in /etc/sysconfic/SUSEfirewall2 the line

FW_DEV_EXT="wlan0"

into

FW_DEV_EXT="wlan0 wwan0"

. I expect that the firewall now regards wwan0 as an external zone. But why was the interface “wwan0” not configured automatically by Yast or whatever?

I don’t know, maybe wwan0 wasn’t setup yet when the firewall was configured?

But the default is “external” for unlisted interfaces anyway.
From /etc/sysconfig/SuSEfirewall2:

## Type:        string(no,auto)
#
# Set default firewall zone
#
# Format: 'auto', 'no' or name of zone.
#
# When set to 'no' no firewall rules will be installed for unknown
# or unconfigured interfaces. That means traffic on such interfaces
# hits the default drop rules.
#
# When left empty or when set to 'auto' the zone that has the
# interface string 'any' configured is used for all unconfigured
# interfaces (see FW_DEV_EXT). If no 'any' string was found the
# external zone is used.
#
# When a default zone is defined a catch all rule redirects traffic
# from interfaces that were not present at the time SuSEfirewall2
# was run to the default zone. Normally SuSEfirewall2 needs to be
# run if new interfaces appear to avoid such unknown interfaces.
#
# Defaults to 'auto' if not set
#
FW_ZONE_DEFAULT=''

Thank you for your answer. Do you know how to start the automatic configuration of the firewall, again?

No idea, sorry. I guess that’s done by the installation system.

Deleting /etc/sysconfig/SuSEfirewall2 and reinstalling the package SuSEfirewall2 didn’t add any interfaces.

If the YaST Firewall module doesn’t list an interface it would be a bug in YaST.
It doesn’t seem to recognize “wwan0” as network interface.
From the code: (/usr/share/YaST2/modules/NetworkInterfaces.ycp)

global map<string,string> CardRegex = $
    "netcard"   : "arc|ath|bnep|ci|ctc|dummy|bond|escon|eth|fddi|ficon|hsi|qeth|
lcs|iucv|myri|tr|usb|wlan|xp|vlan|br|tun|tap|ib|em|p|p[0-9]+p",
    "modem"     : "ppp|modem",
    "isdn"      : "isdn|ippp",
    "dsl"       : "dsl",
    /* other: irlan|lo|plip|... */
];

You could try to add “wwan” to the netcard regexp there if you want to.

Made a bugreport: https://bugzilla.novell.com/show_bug.cgi?id=820382