yast2-firewall launches firewalld GUI since most recent dup

After the most recent zypper dup to the latest Tumbleweed snapshot, I tried running firewall from yast2, and after installing a couple of packages, the firewalld utility started up instead of the SuSEfirewall2 GUI I was expecting.

Have I made a mistake or has Tumbleweed moved away from the old firewall tools?

If I’ve made a mistake (it’s possible: I was on the phone when I tried to edit my firewall settings) how can I revert to the old system? If this is part of a broader move away from SuSEfirewall2, then I guess I’m cool with that.

Either way, I’d really appreciate if someone could let me know.


Welcome to openSUSE Forums.

Start by showing us which firewall packages are installed

zypper se -si firewall

and perhaps

systemctl status SuSEfirewall2
systemctl status firewalld

I couldn’t find anything TW-specific, but it does indeed appear there is a move from SuSEfirewall2 to firewalld being worked on for SLE 15 (and hence Leap), so that would explain why TW is moving to it already I guess.

openSUSE Conference 2017 SLE 15 - What’s coming?

From the openSUSE Factory mailing list: [opensuse-factory] New Tumbleweed snapshot 20180117 released!

  • Replace SuSEfirewall2 with firewalld in enhanced_base

So that confirms it. :slight_smile:

Thanks for the warm welcome!

Here’s the asked-for output -

zypper se -si firewall:

S  | Name             | Type        | Version     | Arch   | Repository             
i+ | Firewall         | application |             | noarch | openSUSE-Tumbleweed-Oss
i+ | SuSEfirewall2    | package     | 3.6.376-1.2 | noarch | openSUSE:Tumbleweed    
i+ | SuSEfirewall2    | package     | 3.6.376-1.2 | noarch | openSUSE-Tumbleweed-Oss
i+ | firewall-config  | package     | | noarch | openSUSE:Tumbleweed    
i+ | firewall-config  | package     | | noarch | openSUSE-Tumbleweed-Oss
i  | firewalld        | package     | | noarch | openSUSE:Tumbleweed    
i  | firewalld        | package     | | noarch | openSUSE-Tumbleweed-Oss
i  | firewalld-lang   | package     | | noarch | openSUSE:Tumbleweed    
i  | firewalld-lang   | package     | | noarch | openSUSE-Tumbleweed-Oss
i  | python3-firewall | package     | | noarch | openSUSE:Tumbleweed    
i  | python3-firewall | package     | | noarch | openSUSE-Tumbleweed-Oss
i+ | yast2-firewall   | package     | 4.0.8-1.1   | noarch | openSUSE:Tumbleweed    
i+ | yast2-firewall   | package     | 4.0.8-1.1   | noarch | openSUSE-Tumbleweed-Oss

systemctl status SuSEfirewall2:

SuSEfirewall2.service - SuSEfirewall2 phase 2
   Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sun 2018-01-21 16:37:05 GMT; 7min ago
  Process: 1289 ExecStart=/usr/sbin/SuSEfirewall2 boot_setup (code=exited, status=0/SUCCESS)
 Main PID: 1289 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/SuSEfirewall2.service

systemctl status firewalld:

firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

So it seems like SuSEfirewall2 is still the default firewall which gets started on boot, but when I try to change firewall settings in YaST, it launches the firewalld GUI, which is annoying because I actually wanted to change my firewall settings - which are far too stringent by default on my University’s WiFi network. Anyone have any advice?

In terms of features it looks nice, but I have yet to configure port forwards that actually work :P

I uninstalled SuSEfirewall2 and now the new GUI works.

Ever since the introduction of the new GUI in YaST (even though firewalld wasn’t enabled) I’ve found that things which worked fine before (e.g. torrents and video calls in Wire messenger) no longer function as expected. Enabling firewalld and disabling SuSEfirewall2 doesn’t seem to help. A little frustrating.

Seeing issues here too: the yast ncurses firewall module doesn’t work.

Yes, because there is none (yet?), YaST just calls firewalld’s own config application.

You need to use firewalld’s own command line tools to configure it.

Can’t find the mail where I read that at the moment though.

I’ve yet to test torrents and VoIP,

Torrents should not involve any real unusual functionality, so you may need to verify that your torrent app’s port is configured properly in your firewall (firewalld’s public zone by default).

VoIP, on the other hand, can be implemented using a variety of protocols, so you’ll likely need to start with identifying the protocol used, and then the locations of each machine communicating with each other, paying particular attention if you traverse any NAT.
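The command-line steps the replies above refer to, as an added example that is not part of the original thread: it leaves firewalld as the only enabled firewall and opens one port in a zone with firewall-cmd. The function names are hypothetical and 51413/tcp is a constructed placeholder for whatever port the torrent client listens on; commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: move a host from SuSEfirewall2 to firewalld and open one port
# in a firewalld zone. Commands are only printed unless APPLY=1 (run as root).

run() {
    # Print the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

valid_port_spec() {
    # Accept PORT/PROTO with PORT in 1..65535 and PROTO tcp or udp.
    case "$1" in */*) ;; *) return 1 ;; esac
    _port="${1%/*}"
    _proto="${1##*/}"
    case "$_port" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#_port}" -le 5 ] || return 1
    [ "$_port" -le 65535 ] || return 1
    [ "$_proto" = "tcp" ] || [ "$_proto" = "udp" ]
}

switch_to_firewalld() {
    # Both units were enabled in the thread; leave only one managing the rules.
    run systemctl disable --now SuSEfirewall2 &&
    run systemctl enable --now firewalld
}

open_port() {
    # $1 = zone (firewalld's default is "public"), $2 = PORT/PROTO
    valid_port_spec "$2" || { echo "invalid port spec: $2" >&2; return 1; }
    run firewall-cmd --permanent --zone="$1" --add-port="$2" &&
    run firewall-cmd --reload &&
    run firewall-cmd --zone="$1" --list-ports
}

# Usage (51413/tcp is a constructed placeholder for the torrent client's port):
#   switch_to_firewalld
#   open_port public 51413/tcp
```

Opening only the specific port and protocol the application needs, rather than switching the interface to a more permissive zone, keeps the rest of the public zone's default filtering in place on an untrusted network.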


Maybe here?

Yes, that’s definitely one of the mails I read… :wink:

And this one probably summarizes everything quite well I think.

SuSEfirewall2 was more understandable.
Firewalld is complicated, and it also takes 20 Mbit of RAM to do what SuSEfirewall2 did.