[sle-beta] Firewall related questions and issues

Thu Feb 8 03:18:33 MST 2018

Hi,
> On 6 Feb 2018, at 17:46, Beddingfield, Allen <allen at ua.edu> wrote:
> 
> So, I've been testing the various betas of SLES 15 like the rest of you, and for the most part, I've seen no problems that haven't already been discussed and/or resolved.
> 
> However, I would like to discuss the firewall situation.  I was under the impression early on that a SUSE-specific Yast module (as we currently have on previous versions) would be added later for managing firewalld?  Is that not the case?
> As it stands now, the tui version of Yast gives an error to the effect that you must use the gui version.  The gui version loads the same utility that Red Hat uses.
> Not having a more-intuitive-than-the-competition SUSE-specific Yast module doesn't seem very "SUSE-like".  If one exists for iptables, it seems like one could exist for firewalld?
> I do extensive custom rules (192.168.0.1/24 allowed on tcp 22, 192.168.1.5 allowed on tcp 678, and on and on). While I've easily figured out how to do that with firewall-cmd and "--add-rich-rule", it is nice to have the tui interface to enter "custom rules" as we do now.
> Also, how well are all of those rules going to get converted over in a 12.x to 15.x upgrade?  I will have to attempt an upgrade to give that a go and see for myself.  I have systems with 50+ "Custom Rules" defined
> 
> I believe this issue has been brought up before as being still in process, but I will mention it:
> 
> While we are on the topic of the firewall, I notice that if I go into "yast nfs-server", where you would normally select to open the ports, there is the following message:
> 
> "Firewall not configurable"
> * nfs-kernel-server (Not available)
> "You need to defined them to be able to configure the firewall."
> 
> Possible typo -  ("defined should probably also be "define" )
> 
> "yast samba-server" yields the same error, but with * samba-server, * netbios-server, and * samba client
> 
> Allen B.

Thanks for your feedback!
It is still true that firewalld and the YaST adaptation are still Work In
Progress. I would suggest to open bug reports on the matter that is most
important for you, so we can keep track of the progress and provide more details
information if needed.

We should cover the firewalld and YaST changes in
https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/ in the future.

Regards,
--
Vincent Moutoussamy
SUSE Beta Program and SDK Project Manager

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/sle-beta/attachments/20180208/4fdd1a80/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.suse.com/pipermail/sle-beta/attachments/20180208/4fdd1a80/attachment.sig>