[sle-beta] Firewall related questions and issues

Beddingfield, Allen allen at ua.edu
Tue Feb 6 09:46:00 MST 2018


So, I've been testing the various betas of SLES 15 like the rest of you, and for the most part, I've seen no problems that haven't already been discussed and/or resolved.

However, I would like to discuss the firewall situation.  I was under the impression early on that a SUSE-specific Yast module (as we currently have on previous versions) would be added later for managing firewalld?  Is that not the case?  
As it stands now, the tui version of Yast gives an error to the effect that you must use the gui version.  The gui version loads the same utility that Red Hat uses.  
Not having a more-intuitive-than-the-competition SUSE-specific Yast module doesn't seem very "SUSE-like".  If one exists for iptables, it seems like one could exist for firewalld?
I do extensive custom rules (192.168.0.1/24 allowed on tcp 22, 192.168.1.5 allowed on tcp 678, and on and on). While I've easily figured out how to do that with firewall-cmd and "--add-rich-rule", it is nice to have the tui interface to enter "custom rules" as we do now.
Also, how well are all of those rules going to get converted over in a 12.x to 15.x upgrade?  I will have to attempt an upgrade to give that a go and see for myself.  I have systems with 50+ "Custom Rules" defined

I believe this issue has been brought up before as being still in process, but I will mention it:

While we are on the topic of the firewall, I notice that if I go into "yast nfs-server", where you would normally select to open the ports, there is the following message:

"Firewall not configurable"
* nfs-kernel-server (Not available)
"You need to defined them to be able to configure the firewall."

Possible typo -  ("defined should probably also be "define" )

"yast samba-server" yields the same error, but with * samba-server, * netbios-server, and * samba client

Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen at ua.edu



More information about the sle-beta mailing list