The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,152 other subscribers

Archive for February 11th, 2018

On my research list: migrate from OpenSuSE SuSEfirewall2 to firewalld

Posted by jpluimers on 2018/02/11

The [WayBack] is on my research list as right before going on holiday, upgrading broke my firewall configuration (:

Tumbleweed sometimes means living on the bleeding edge (which forces you to learn new things faster), so I knew things like this could be coming.


From the IRC chat at #opensuse-factory:

[5:25pm] <wiert> Something odd happened today: on an x64 system, I did zypper dist-upgrade, and now apache2 ports 80 and 443 are not reachable from the outside any more (only on localhost)
[5:25pm] <wiert> sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_CONFIGURATIONS_EXT apache2
[5:25pm] <wiert> "apache2" already present
[5:26pm] <wiert> same fore apache2-ssl
[5:27pm] <wiert> sshd on the same line works fine. Apache runs.
[5:30pm] <wiert> What could I have broken? I went from 20180129 to 20180209
[5:30pm] Son_Goku joined the chat room.
[5:31pm] <wiert> Ah, I see that /etc/sysconfig/SuSEfirewall2.d/services/apache2 and /etc/sysconfig/SuSEfirewall2.d/services/apache2-ssl got deleted. Why?
[5:32pm] <simonizor> AFAIK, it was replaced by firewalld
[5:33pm] <simonizor> Both use iptables as a backend, so functionality should be relatively the same
[5:34pm] <wiert> Any URLs for migration tips?
[5:35pm] <wiert> For now I’ve done sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_SERVICES_EXT_TCP 80
[5:35pm] <wiert> and sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_SERVICES_EXT_TCP 443
[5:35pm] <wiert> now it “works” but I need to migrate one day.

From a different system when I applied the firewall rules after updating:

# SuSEfirewall2 
<38>Mar 12 15:40:13 SuSEfirewall2[20606]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
<38>Mar 12 15:40:13 SuSEfirewall2[20606]: using default zone 'ext' for interface eth0

iptables-batch v1.6.2: unknown protocol "submission" specified
Try `iptables-batch -h' or 'iptables-batch --help' for more information.
<35>Mar 12 15:40:17 SuSEfirewall2[20606]: Error: iptables-batch failed, re-running using iptables
iptables v1.6.2: unknown protocol "submission" specified
Try `iptables -h' or 'iptables --help' for more information.
ip6tables-batch v1.6.2: unknown protocol "submission" specified
Try `ip6tables-batch -h' or 'ip6tables-batch --help' for more information.
<35>Mar 12 15:40:17 SuSEfirewall2[20606]: Error: ip6tables-batch failed, re-running using ip6tables
ip6tables v1.6.2: unknown protocol "submission" specified
Try `ip6tables -h' or 'ip6tables --help' for more information.
<38>Mar 12 15:40:18 SuSEfirewall2[20606]: Firewall rules successfully set


Posted in *nix, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

Do NOT download the Embarcadero patch for RAD Studio 10.2.2!

Posted by jpluimers on 2018/02/11

[WayBack] Embarcadero just released a patch for RAD Studio 10.2.2. It breaks linking projects with runtime packages, like GExperts, any other IDE expert and probably also most component packages. – Thomas Mueller (dummzeuch) – Google+ in a response to [WayBack] RAD Studio 10.2.2 Tokyo February 2018 Patch available now at This patch for RAD Studio 10.2.2 (build 2004)… – Marco Cantù – Google+.

RSP-19914 (by Thomas Mueller)


After installing the RAD Studio 10.2.2 Tokyo February 2018 Patch I can no longer compile any project with “Link with runtime packages”.

Error message:
[dcc32 Fatal Error] Project1.dpr(5): E2225 Never-build package ‘vcl’ must be recompiled

Steps to reproduce

1. Create a new VCL project
2. Open project options
3. Select Packages -> Runtime Packages
4. Set “Link with runtime packages” to true
5. Close dialog with OK
6. Compile the project
-> Error

You might have noticed that the MVP logo is no longer on the blog. It got revoked because I was too critical. Given releases like the above, I can’t stop being critical in a public way as the internal ways to effectively voice criticism that used to work in the past stopped working a long time ago.

Not just the MVP was revoked, the account to which the MVP was attached got killed without notification. That account also had the tech-partner licenses attached: the ones I used to support Delphi open source projects. Which means I do not have any Embarcadero provided licenses to support open source Delphi projects any more except the ones I own (the most recent ones being Delphi 2007 and XE4).

Many people in the Delphi community even refuse to become MVP because formally the MVPs are not allowed to be be critical publicly. Which means these community members have a limited list of Delphi versions they can use to support and test their open source projects with.

I am glad for the time I could use those licenses to support open Delphi source projects, but alas, that time is over. I still like the concepts of Delphi as those are strong. I don’t like how Embarcadero handles their infrastructure and product quality.

In the next 2 years there will be Delphi posts on my blog as that’s about the depth of the posting queue right now. After that: time will tell. For the last decade or so, I’ve spend more free time supporting Delphi than spending time on paid Delphi projects. That won’t last forever.

For now I’m going on a two week holiday tomorrow after which I will be available for new projects.


Related: Why I care about QC and the Delphi community.

Posted in Delphi, Delphi 10.2 Tokyo (Godzilla), Development, Software Development | 22 Comments »

%d bloggers like this: