Bugzilla – Full Text Bug Listing
| Summary: | Misleading Label in Yast - Assigning Firewall Zones to Interfaces | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.0 | Reporter: | Jakub Friedl <jfriedl> |
| Component: | YaST2 | Assignee: | Michal Zugec <mzugec> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | ke, lnussel, locilka |
| Version: | Beta 2 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
Lukas, can you comment on that? IMHO "No Zone" means any->External Zone, right? So we can change that string to "Default Zone (External)"

Karl, I suggest changing that string in case it's wrong. It's better to have an untranslated one than a wrongly explained option.

From what I saw, Ludwig has changed the default behavior so that if an interface is not assigned to any zone (and 'any' is not used), that interface will be assigned to the EXT zone anyway.

This was written by Ludwig:

SuSEfirewall2 now always assigns zones to all interfaces and even installs a rule that routes all remaining traffic into the default zone. The default zone is either defined by the hidden, undocumented option 'FW_ZONE_DEFAULT', the zone that contains the 'any' keyword or the external zone. That way at least outgoing traffic always works. So the option in YaST should really read e.g. "No Zone, use defaults" or "Automatically assign zone".

string changed ("Automatically assign zone")
yast2-network-2.16.43
From the communication with Ludwig Nussel:

> We have just noticed that if the "No Zone, All Traffic Blocked" option is
> selected for a network interface in the YaST, the traffic is not blocked at
> all, the SuSEfirewall2 outputs "no default firewall zone defined,
> assuming 'ext'".

Oh, obviously I didn't pay enough attention to the firewall module. SuSEfirewall2 now always assigns zones to all interfaces and even installs a rule that routes all remaining traffic into the default zone. The default zone is either defined by the hidden, undocumented option 'FW_ZONE_DEFAULT', the zone that contains the 'any' keyword or the external zone. That way at least outgoing traffic always works. So the option in YaST should really read e.g. "No Zone, use defaults" or "Automatically assign zone".

The current solution in our documentation:

<term>No Zone, All Traffic Blocked</term>
<listitem>
<para>
This option is available only if the firewall is enabled. The firewall is running, but the interface is not assigned to any firewall zone. Despite the option's name suggesting blocking all the network traffic on the interface, the SUSEfirewall2 will use the zone that contains the 'any' keyword or the external zone for such an interface.
</para>

But it needs to be fixed in yast.
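
The default-zone fallback described in this report, as an added audit sketch that is not part of the bug report, SuSEfirewall2 or YaST: it lists interfaces that have no explicit zone and shows which zone they end up in instead of being blocked. Assumptions: the `FW_DEV_EXT`, `FW_DEV_INT` and `FW_DEV_DMZ` variables (not named on this page) hold space-separated interface lists, `FW_ZONE_DEFAULT` holds a zone short name, and precedence follows the order in which the report lists the three sources.

```shell
#!/bin/sh
# Added example: audit which interfaces fall into the default zone.
# Assumptions: FW_DEV_EXT/FW_DEV_INT/FW_DEV_DMZ are space-separated interface
# lists, FW_ZONE_DEFAULT holds a zone short name (ext, int, dmz), and the
# precedence is the order given in the report.

# Print the interface list configured for a zone.
zone_devs() {
    case "$1" in
        ext) echo "${FW_DEV_EXT:-}" ;;
        int) echo "${FW_DEV_INT:-}" ;;
        dmz) echo "${FW_DEV_DMZ:-}" ;;
    esac
}

# Print the zone that receives interfaces with no explicit assignment.
default_zone() {
    if [ -n "${FW_ZONE_DEFAULT:-}" ]; then
        echo "$FW_ZONE_DEFAULT"; return 0
    fi
    for z in ext int dmz; do
        for d in $(zone_devs "$z"); do
            if [ "$d" = any ]; then echo "$z"; return 0; fi
        done
    done
    echo ext   # matches the "assuming 'ext'" message quoted in the report
}

# Print "<zone> explicit" or "<zone> default" for one interface.
effective_zone() {
    for z in ext int dmz; do
        for d in $(zone_devs "$z"); do
            if [ "$d" = "$1" ]; then echo "$z explicit"; return 0; fi
        done
    done
    echo "$(default_zone) default"
}

# List interfaces that are not blocked but silently placed in the default zone.
audit_unassigned() {
    for iface in "$@"; do
        r=$(effective_zone "$iface")
        case "$r" in
            *" default") echo "$iface -> ${r% default} (default zone, not blocked)" ;;
        esac
    done
}

# Constructed sample configuration: wlan0 has no zone assigned.
FW_DEV_EXT="eth0"; FW_DEV_INT="eth1"; FW_DEV_DMZ=""; FW_ZONE_DEFAULT=""
audit_unassigned eth0 eth1 wlan0   # wlan0 -> ext (default zone, not blocked)
```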