On my research list: migrate from OpenSuSE SuSEfirewall2 to firewalld
Posted by jpluimers on 2018/02/11
The [WayBack] github.com/openSUSE/susefirewall2-to-firewalld is on my research list as right before going on holiday, upgrading broke my firewall configuration (:
Tumbleweed sometimes means living on the bleeding edge (which forces you to learn new things faster), so I knew things like this could be coming.
Related:
- [WayBack] openSUSE News: Tumbleweed Snapshots Get YaST Changes for Firewalld
- [Archive.is] Review of the week 2018/06 – Dominique a.k.a. DimStar (Dim*)
- [WayBack] Home | firewalld
- [Archive.is] Review of the week 2018/05 – Dominique a.k.a. DimStar (Dim*)
From the IRC chat at #opensuse-factory:
[5:25pm] <wiert> Something odd happened today: on an x64 system, I didzypper dist-upgrade, and nowapache2ports80and443are not reachable from the outside any more (only onlocalhost)[5:25pm] <wiert>sysconf_addword /etc/sysconfig/SuSEfirewall2 FW_CONFIGURATIONS_EXT apache2[5:25pm] <wiert>"apache2" already present[5:26pm] <wiert> same foreapache2-ssl[5:27pm] <wiert> sshd on the same line works fine. Apache runs.[5:30pm] Son_Goku joined the chat room.[5:31pm] <wiert> Ah, I see that/etc/sysconfig/SuSEfirewall2.d/services/apache2and/etc/sysconfig/SuSEfirewall2.d/services/apache2-sslgot deleted. Why?[5:32pm] <simonizor> AFAIK, it was replaced byfirewalld[5:33pm] <simonizor> Both useiptablesas a backend, so functionality should be relatively the same[5:34pm] <wiert> Any URLs for migration tips?[5:35pm] <wiert> For now I’ve donesysconf_addword /etc/sysconfig/SuSEfirewall2 FW_SERVICES_EXT_TCP 80[5:35pm] <wiert> andsysconf_addword /etc/sysconfig/SuSEfirewall2 FW_SERVICES_EXT_TCP 443[5:35pm] <wiert> now it “works” but I need to migrate one day.
From a different system when I applied the firewall rules after updating:
# SuSEfirewall2 <38>Mar 12 15:40:13 SuSEfirewall2[20606]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ... <38>Mar 12 15:40:13 SuSEfirewall2[20606]: using default zone 'ext' for interface eth0 iptables-batch v1.6.2: unknown protocol "submission" specified Try `iptables-batch -h' or 'iptables-batch --help' for more information. <35>Mar 12 15:40:17 SuSEfirewall2[20606]: Error: iptables-batch failed, re-running using iptables iptables v1.6.2: unknown protocol "submission" specified Try `iptables -h' or 'iptables --help' for more information. ip6tables-batch v1.6.2: unknown protocol "submission" specified Try `ip6tables-batch -h' or 'ip6tables-batch --help' for more information. <35>Mar 12 15:40:17 SuSEfirewall2[20606]: Error: ip6tables-batch failed, re-running using ip6tables ip6tables v1.6.2: unknown protocol "submission" specified Try `ip6tables -h' or 'ip6tables --help' for more information. <38>Mar 12 15:40:18 SuSEfirewall2[20606]: Firewall rules successfully set
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment