It’ didn’t show my wireless card in any of the zones, so I added it to the Internal zone using Interfaces -> Custom. I added Secure Shell Server to the Allowed Services for the internal zone but when I click Next, I see the following:
Firewall Starting
- Enable firewall automatic starting
- Firewall starts after the configuration has been written
[HR][/HR] Internal Zone
Interfaces
- 'wlan0' Unknown network interface.
Open Services, Ports, and Protocols
- Secure Shell Server
Demilitarized Zone
- No interfaces assigned to this zone.
External Zone
- No interfaces assigned to this zone.
I clicked Finish and got no errors, and looking in sysconfig shows:
There’s no doubting the general truth of this; however, if I had any, I would bet money that someone who had previously seen neither would find the output of # ufw status verbose easier to follow. The “u” stands for uncomplicated and it does manage to live up to that.
On 08/05/2016 04:16 PM, elijathegold wrote:
>
> ab;2787954 Wrote:
>> Most things we already know seem that way.
>
> There’s no doubting the general truth of this; however, if I had any, I
> would bet money that someone who had previously seen neither would find
> the output of -# ufw status verbose- easier to follow. The “u” stands
> for uncomplicated and it does manage to live up to that.
Yes, I’m sure that’s the case, though Yast (relatively uncomplicated) was
also providing that benefit, but with (in my opinion) another benefit of
being built on iptables, so allowing you to do complicated things too.
SUSE (and openSUSE) tries to strike this balance a lot, and it’s a lot of
work, so that those who are new can get things done, and those who need
all of the power of iptables are not locked out. I’m not meaning UFW
cannot do this, as I have no idea.
Two more things:
I think you’ll find the output of this command useful. It’s basically
what you saw in your summary screen, but you can get at it interactively
and it seems to work for me:
yast firewall interfaces show
Keep in mind that if something is not explicitly defined one way or
another, by default it is in the external (EXT) zone, since that’s
presumably the most-locked/secure zone.
Also, if you (as I do) find the Yast summary confusing (leading to your
original post) I’d encourage you to open a bug against that in BugZila ( https://bugzilla.opensuse.org/ ). The credentials should be identical to
those used to get into these forums via the HTTP/web interface. Feel free
to cite this thread and hopefully the maintainer of that module of Yast
can make things a bit clearer.
Take care.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…