Bugzilla – Full Text Bug Listing
| Summary: | SUSE firewall should show more detailed summary (on request) | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 10.3 | Reporter: | Felix Rommel <felix.rommel> |
| Component: | YaST2 | Assignee: | Lukas Ocilka <locilka> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | ||
| Priority: | P5 - None | CC: | security-team |
| Version: | Alpha 1 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |

Attachments:
* step 1: enter settings
* step 2: click next, settings are not shown
* step 3: start the YaST firewall config tool again and settings are not shown
* complete YaST2 log directory
* /etc/sysconfig/SuSEfirewall2

Description
Felix Rommel
2006-12-20 20:10:32 UTC
-> yast maintainer

Trying to reproduce:
1.) Opening YaST Firewall
2.) Clicking [Next] to see the current configuration
External Zone
-------------
Open Services, Ports, and Protocols
* DNS Server
* NFS Client
* NFS Server
* Remote Administration
* SSH
3.) Clicking [Back]
4.) Clicking on Allowed Services, [Advanced] button
5.) Adding UDP Ports: "10000 500", IP Protocols: "esp"
6.) Clicking [OK]
/var/log/YaST2/y2log says:
2007-01-08 15:02:57 <1> miracle(27850) [YCP] SuSEFirewall.ycp:2351 Adding additional services ["10000", "500"]/UDP into zone EXT
2007-01-08 15:02:57 <1> miracle(27850) [YCP] PortRanges.ycp:377 Joining list of ranges []
2007-01-08 15:02:57 <1> miracle(27850) [YCP] PortRanges.ycp:487 Result of joining: []
2007-01-08 15:02:57 <1> miracle(27850) [YCP] SuSEFirewall.ycp:2351 Adding additional services ["esp"]/IP into zone EXT
2007-01-08 15:02:57 <1> miracle(27850) [YCP] PortRanges.ycp:312 Protocol IP doesn't support port ranges, skipping...
(no error)
7.) Clicking [Next] to see the changed configuration overview:
External Zone
-------------
Open Services, Ports, and Protocols
* DNS Server
* NFS Client
* NFS Server
* Remote Administration
* SSH
* UDP Ports: 10000, 500
* IP Protocols: esp
8.) Conclusion:
Cannot duplicate, requested ports are added.
(Checked also in the configuration file /etc/sysconfig/SuSEfirewall2)
So, please, if you can duplicate the problem by yourself, finish the firewall configuration by clicking on the Accept button and attach files /var/log/YaST/y2log and /etc/sysconfig/SuSEfirewall2 after it is done.
Thanks

Ok, I checked /etc/sysconfig/SuSEfirewall2 and the settings ARE saved. Nevertheless the settings are not shown in YaST Firewall config tool - see attached screenshots.

Created attachment 112039
step 1: enter settings

Created attachment 112040
step 2: click next, settings are not shown

Created attachment 112041
step 3: start the YaST firewall config tool again and settings are not shown

I see, this is strange, but ... Could you, please, attach your /var/log/YaST/ directory (a tar/gzip whatever) and your /etc/sysconfig/SuSEfirewall2 as mentioned in comment #2? I can't do anything without them because, as you can see, I was unable to duplicate the error. Thanks

Created attachment 112207
complete YaST2 log directory

Created attachment 112208
/etc/sysconfig/SuSEfirewall2

I see. Actually, firewall saves the configuration as it has been entered but port 500 and protocol esp are already allowed by service IPsec.

    /* IPsec definition */
    "ipsec" : $[
        "name"         : _("IPsec"),
        "udp_ports"    : [ "isakmp", "ipsec-nat-t" ],
        "ip_protocols" : [ "esp" ],
    ],

According to /etc/services
isakmp is port 500

It would be nice when firewall could show a detailed summary which ports are actually open (by services) and which service opens which ports (and protocols...)

This comes from the firewall .changes file:
- Show firewall summary details on request (#230042).
- yast2-firewall-2.15.4
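
The overlap discussed in the thread, as an added example that is not part of the bug report or of YaST's own code: it builds the kind of detailed summary requested above, listing every open UDP port and IP protocol together with what opens it, and flags manual entries that an enabled service already covers. It assumes the IPsec service is enabled, as the comment implies; the `ETC_SERVICES` table, the `MANUAL` label and all function names are constructed for illustration.

```python
from collections import defaultdict

# Service definition as quoted in the bug comment (YCP map rewritten as a dict).
SERVICE_DEFS = {"ipsec": {"name": "IPsec",
                          "udp_ports": ["isakmp", "ipsec-nat-t"],
                          "ip_protocols": ["esp"]}}

# Constructed stand-in for /etc/services: isakmp = 500 is stated in the thread,
# ipsec-nat-t = 4500 is the IANA assignment.
ETC_SERVICES = {"isakmp": 500, "ipsec-nat-t": 4500}
MANUAL = "manual entry"  # hypothetical label for ports typed in under [Advanced]


def resolve_port(token):
    """Turn '500' or 'isakmp' into a port number (port ranges not handled)."""
    if token.isdigit():
        return int(token)
    if token not in ETC_SERVICES:
        raise ValueError(f"unknown service name: {token}")
    return ETC_SERVICES[token]


def detailed_summary(enabled_services, manual_udp="", manual_ip=""):
    """Map each open (kind, value) pair to the list of sources that open it."""
    opened = defaultdict(list)
    for key in enabled_services:
        svc = SERVICE_DEFS[key]
        for tok in svc.get("udp_ports", []):
            opened[("udp", resolve_port(tok))].append(svc["name"])
        for proto in svc.get("ip_protocols", []):
            opened[("ip", proto)].append(svc["name"])
    for tok in manual_udp.split():
        opened[("udp", resolve_port(tok))].append(MANUAL)
    for proto in manual_ip.split():
        opened[("ip", proto)].append(MANUAL)
    return dict(opened)


def redundant_manual(summary):
    """Manual entries that an enabled service already opens."""
    return sorted(k for k, src in summary.items()
                  if MANUAL in src and len(src) > 1)


if __name__ == "__main__":
    # Input from the thread: UDP Ports "10000 500", IP Protocols "esp".
    s = detailed_summary(["ipsec"], "10000 500", "esp")
    for (kind, value), sources in sorted(s.items(), key=str):
        print(f"{kind}/{value}: opened by {', '.join(sources)}")
    print("already covered by a service:", redundant_manual(s))
```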