The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,373 other followers

On my research list: migrate from OpenSuSE SuSEfirewall2 to firewalld

Posted by jpluimers on 2018/02/11

The [WayBack] github.com/openSUSE/susefirewall2-to-firewalld is on my research list as right before going on holiday, upgrading broke my firewall configuration (:

Tumbleweed sometimes means living on the bleeding edge (which forces you to learn new things faster), so I knew things like this could be coming.

Related:

From the IRC chat at #opensuse-factory:

[5:25pm] <wiert> Something odd happened today: on an x64 system, I did zypper dist-upgrade, and now apache2 ports 80 and 443 are not reachable from the outside any more (only on localhost)
[5:25pm] <wiert> sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_CONFIGURATIONS_EXT apache2
[5:25pm] <wiert> "apache2" already present
[5:26pm] <wiert> same fore apache2-ssl
[5:27pm] <wiert> sshd on the same line works fine. Apache runs.
[5:30pm] <wiert> What could I have broken? I went from 20180129 to 20180209
[5:30pm] Son_Goku joined the chat room.
[5:31pm] <wiert> Ah, I see that /etc/sysconfig/SuSEfirewall2.d/services/apache2 and /etc/sysconfig/SuSEfirewall2.d/services/apache2-ssl got deleted. Why?
[5:32pm] <simonizor> AFAIK, it was replaced by firewalld
[5:33pm] <simonizor> Both use iptables as a backend, so functionality should be relatively the same
[5:34pm] <wiert> Any URLs for migration tips?
[5:35pm] <wiert> For now I’ve done sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_SERVICES_EXT_TCP 80
[5:35pm] <wiert> and sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_SERVICES_EXT_TCP 443
[5:35pm] <wiert> now it “works” but I need to migrate one day.

From a different system when I applied the firewall rules after updating:

# SuSEfirewall2 
<38>Mar 12 15:40:13 SuSEfirewall2[20606]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
<38>Mar 12 15:40:13 SuSEfirewall2[20606]: using default zone 'ext' for interface eth0

iptables-batch v1.6.2: unknown protocol "submission" specified
Try `iptables-batch -h' or 'iptables-batch --help' for more information.
<35>Mar 12 15:40:17 SuSEfirewall2[20606]: Error: iptables-batch failed, re-running using iptables
iptables v1.6.2: unknown protocol "submission" specified
Try `iptables -h' or 'iptables --help' for more information.
ip6tables-batch v1.6.2: unknown protocol "submission" specified
Try `ip6tables-batch -h' or 'ip6tables-batch --help' for more information.
<35>Mar 12 15:40:17 SuSEfirewall2[20606]: Error: ip6tables-batch failed, re-running using ip6tables
ip6tables v1.6.2: unknown protocol "submission" specified
Try `ip6tables -h' or 'ip6tables --help' for more information.
<38>Mar 12 15:40:18 SuSEfirewall2[20606]: Firewall rules successfully set

–jeroen

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

 
%d bloggers like this: