Bug 327565

Summary: Firewall can't open ..... port
Product: [openSUSE] openSUSE 10.3 Reporter: Miquel A. Noguera <ibz>
Component: YaST2Assignee: Lukas Ocilka <locilka>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None CC: lnussel, locilka
Version: RC 1   
Target Milestone: ---   
Hardware: PC   
OS: openSUSE 10.3   
Whiteboard:
Found By: Beta-Customer Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: configuring mail
configuring ftp server
configuring printer
yast logs

Description Miquel A. Noguera 2007-09-23 11:33:07 UTC 
In different options, when I select "open port in firewall", a popup says "Because of SuSE Firewall settings, the port on the following interfaces cannot be opened: eth0"
Comment 1 Miquel A. Noguera 2007-09-23 11:34:42 UTC 
Created attachment 174061 [details]
configuring mail

The other window in this screenshot shows wat is opened in my firewall.
Comment 2 Miquel A. Noguera 2007-09-23 11:39:41 UTC 
Created attachment 174062 [details]
configuring ftp server
Comment 3 Miquel A. Noguera 2007-09-23 11:46:39 UTC 
Created attachment 174063 [details]
configuring printer
Comment 4 Matej Horvath 2007-09-24 09:41:27 UTC 
Could you please attach your yast logs (http://en.opensuse.org/YaST/Bugs)?
Comment 5 Miquel A. Noguera 2007-09-24 15:36:04 UTC 
Created attachment 174387 [details]
yast logs
Comment 6 Lukas Ocilka 2007-10-01 12:44:21 UTC 
It seems that your firewall configuration is wrong:
    "FW_DEV_EXT":"'eth0'"
there should be
    "FW_DEV_EXT":"eth0"
instead
(simple manual fix)

You were obviously doing an update from older 10.3 to a new one. I did a simple 10.2 -> 10.3 and I seem to suffer from the same symptoms.

See this diff from my old SuSEfirewall2's config with the new one:

miracle:/etc/sysconfig # diff -u SuSEfirewall2.zaloha SuSEfirewall2 | grep FW_DEV
-FW_DEV_EXT="eth-bus-pci-0000:05:0c.0"
+FW_DEV_EXT="'eth1'"
-FW_DEV_INT="eth-id-00:11:d8:a0:a6:d8"
+FW_DEV_INT="'eth1'"

See also this /var/log/YaST2/y2logRPM file:

--- cut ---
2007-10-01 11:43:43 sysconfig-0.70.2-4.x86_64.rpm installed ok
Additional rpm output:
`/etc/udev/rules.d/30-net_persistent_names.rules' -> `/etc/udev/rules.d/30-net_persistent_names.rules.to_convert'
/etc/sysconfig/network /
converting filename: `ifcfg-eth-bus-pci-0000:05:0c.0' -> `ifcfg-eth1'
../SuSEfirewall2: FW_DEV_EXT: any eth-id-00:11:d8:a0:a6:d8 --> eth1
../SuSEfirewall2: FW_DEV_INT: eth-bus-pci-0000:05:0c.0 --> eth1
/
Updating etc/sysconfig/network/dhcp...
Updating etc/sysconfig/network/config...
Removing old autogenerated device configuration files:
removed `/etc/sysconfig/storage'

2007-10-01 11:43:45 xchat-2.8.4-35.x86_64.rpm installed ok
2007-10-01 11:43:47 SuSEfirewall2-3.6_SVNr183-10.noarch.rpm installed ok
Additional rpm output:
Updating etc/sysconfig/SuSEfirewall2...
--- cut ---

Christian, don't you know more? Isn't there a mistake in the convert-sysconfig-SuSEfirewall2 script?
Comment 7 Stefan Behlert 2008-01-17 13:42:49 UTC 
Ping.
Comment 8 Christian Zoz 2008-01-24 18:38:08 UTC 
No. The convert script produces FW_DEV_*='eth0'.
See bug 307210 comment 2

I assume that something else (YaST?) later reads 'eth0' and converts it to "'eth0'".
Comment 9 Lukas Ocilka 2008-01-28 09:24:38 UTC 
I see, the script /etc/sysconfig/network/scripts/hwdesc2iface changes the sysconfig file syntax from using double-quotes to using single-quotes.

YaST firewall was unable to read those single quotes because SuSEfirewall2 has never been using them (AFAIK).

Fixed in yast2-2.16.23