Bug 407823

Summary: Documentation error in SuSEfirewall2
Product: [openSUSE] openSUSE 11.0
Reporter: Jon Nelson <jnelson-suse>
Component: Network
Assignee: Ludwig Nussel <lnussel>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
Version: Final
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Jon Nelson 2008-07-10 05:32:36 UTC
The docs for FW_SERVICES_ACCEPT_RELATED_* look like this:

# Format: space separated list of net,protocol[,sport[,dport]]

but (at least) sport is required.
Comment 1 Ludwig Nussel 2008-07-11 08:11:27 UTC
No, you can specify something like "1.2.3.0/24,tcp" just fine.
Comment 2 Jon Nelson 2008-07-11 13:16:28 UTC
Well, before I filed the bug I went to the source and it's fairly clear to me. However, by means of demonstration....

turnip:~ # grep RELATED /etc/sysconfig/SuSEfirewall2
# Services to allow that are considered RELATED by the connection tracking
FW_SERVICES_ACCEPT_RELATED_EXT=""
# see FW_SERVICES_ACCEPT_RELATED_EXT
FW_SERVICES_ACCEPT_RELATED_DMZ=""
# see FW_SERVICES_ACCEPT_RELATED_EXT
FW_SERVICES_ACCEPT_RELATED_INT="192.168.2.0/24,tcp"
turnip:~ # SuSEfirewall2
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: Warning: no default firewall zone defined, assuming 'ext'
SuSEfirewall2: Error: too few parameters in FW_SERVICES_ACCEPT_RELATED_INT -> 192.168.2.0/24,tcp
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set
turnip:~ #

On or around line 1336 of SuSEfirewall2:

            IFS=, eval set -- \$service
            if [ "$#" -lt 3 ]; then
                error "too few parameters in $var -> $service"
                continue
            fi

Comment 3 Ludwig Nussel 2008-07-11 13:26:10 UTC

*** This bug has been marked as a duplicate of bug 407825 ***
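
Added example (not part of the bug report and not SuSEfirewall2 code): a pre-flight lint that applies the same "fewer than 3 comma-separated fields" test as the excerpt quoted in comment 2. In that session the run still ends with "Firewall rules successfully set" after the error, so checking the value beforehand makes a rejected entry visible. The function names and the three-field sample entry are constructed for illustration.

```shell
#!/bin/sh
# Lint FW_SERVICES_ACCEPT_RELATED_* style values (illustrative helper,
# hypothetical names; not taken from SuSEfirewall2 itself).

# count_fields ENTRY -> prints the number of comma-separated fields.
count_fields() {
    # Split on ',' into positional parameters, as the quoted excerpt
    # does, inside a subshell so IFS and noglob do not leak out.
    ( IFS=,; set -f; set -- $1; echo "$#" )
}

# check_related VALUE -> prints one line per entry that the quoted
# check would reject; returns 1 if any entry is rejected, else 0.
check_related() {
    rc=0
    set -f                      # entries are data, never glob patterns
    for entry in $1; do         # the value is a space separated list
        n=$(count_fields "$entry")
        if [ "$n" -lt 3 ]; then
            echo "too few parameters: $entry ($n fields, need 3)"
            rc=1
        fi
    done
    set +f
    return $rc
}

# Constructed sample: the two-field entry from comment 2, followed by a
# made-up three-field entry (net,protocol,sport) that passes the check.
SAMPLE="192.168.2.0/24,tcp 192.168.2.0/24,tcp,1024:65535"
check_related "$SAMPLE" || echo "at least one entry would be skipped"
```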