Bug 716013

Summary: SuSEfirewall2 config broken: FW_ZONE_DEFAULT="''"
Product: [openSUSE] openSUSE 12.1 Reporter: Freek de Kruijf <freek>
Component: YaST2Assignee: Lukas Ocilka <locilka>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Critical    
Priority: P2 - High CC: lnussel
Version: Factory   
Target Milestone: ---   
Hardware: All   
OS: SUSE Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 715889    
Attachments: file /etc/sysconfig/SuSEfirewall2
y2logs

Description Freek de Kruijf 2011-09-05 21:30:32 UTC 
Created attachment 449251 [details]
file /etc/sysconfig/SuSEfirewall2

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0

After a rather basic installation of openSUSE 12.1 M5 the command /sbin/SuSEfirewall2 produces the following output:eik121m5:~ # /sbin/SuSEfirewall2 
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone '''' for interface eth0
/sbin/SuSEfirewall2: line 955: FW_DEV_='' eth0: command not found
SuSEfirewall2: Warning: no interface active
iptables-batch v1.4.12: Couldn't load target `input_''':No such file or directory

Try `iptables-batch -h' or 'iptables-batch --help' for more information.
SuSEfirewall2: Error: iptables-batch failed, re-running using iptables
iptables v1.4.12: Couldn't load target `input_''':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
ip6tables-batch v1.4.12: Couldn't load target `input_''':No such file or directory

Try `ip6tables-batch -h' or 'ip6tables-batch --help' for more information.
SuSEfirewall2: Error: ip6tables-batch failed, re-running using ip6tables
ip6tables v1.4.12: Couldn't load target `input_''':No such file or directory

Try `ip6tables -h' or 'ip6tables --help' for more information.
SuSEfirewall2: Firewall rules successfully set                                                                                                                                               
eik121m5:~ # 

The setup of the network is that I use the traditional ifup method with fixed addresses, an IPv4 and a global IPv6 address, but this does not seem to be a problem, because I have the same kind of error messages in a system with dynamic addresses.

The file /etc/sysconfig/SuSEfirewall2 is unaltered and is attached.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.



This probably prevents IPv6 to work, which makes it a major problem.
Comment 1 Ludwig Nussel 2011-09-06 09:29:32 UTC 
FW_ZONE_DEFAULT="''" is bogus. Where does that come from?
Comment 2 Freek de Kruijf 2011-09-06 15:59:36 UTC 
I have no idea. It was just generated that way.On Thursday I will further investigate this on that machine. Maybe I can find something today or tomorrow on my laptop.
Comment 3 Freek de Kruijf 2011-09-06 20:10:12 UTC 
I checked my laptop and it has the same problem with FW_ZONE_DEFAULT="''". I removed '' and after that the error messages are gone. I reinstalled the package SuSEfirewall2, which contains the file /etc/sysconfig/SuSEfirewall2 but I am not sure this file has been replaced by the one from the package. At least the '' did not return in the file.
If these '' are not in the package, the only change made during the installation of openSUSE 12.1 M5 is when I open the ssh port during the configuration of the system. On Thursday I will reinstall M5 and not open the ssh port and see whether these '' are still present.
Comment 4 Bernhard Wiedemann 2011-09-07 15:00:37 UTC 
This is an autogenerated message for OBS integration:
This bug (716013) was mentioned in
https://build.opensuse.org/request/show/81346 Factory / SuSEfirewall2
Comment 5 Ludwig Nussel 2011-09-09 08:39:50 UTC 
*** Bug 715889 has been marked as a duplicate of this bug. ***
Comment 6 Ludwig Nussel 2011-09-09 11:10:41 UTC 
got it too with current factory install. I suppose yast can't cope with '' somehow and writes it as "''" then.
Comment 7 Ludwig Nussel 2011-09-09 11:11:27 UTC 
Created attachment 450015 [details]
y2logs
Comment 8 Lukas Ocilka 2011-09-12 07:14:49 UTC 
OK, reproduced.

Probably an issue with our generic config file read/write agent,
because YaST Firewall doesn't read or write FW_ZONE_DEFAULT at all
(visible from logs).
Comment 9 Lukas Ocilka 2011-09-13 09:28:52 UTC 
-------------------------------------------------------------------
Tue Sep 13 10:39:42 CEST 2011 - locilka@suse.cz

- Fixed SuSEfirewall2 SCR agent to understand single-quoted and
  double-quoted, single and multi-line variables and also
  single-line variables without any quotes (bnc#716013).
- yast2-2.21.19

-------------------------------------------------------------------

Fixed for openSUSE 12.1, SLE 11 SP1 (planned update) and SLE 11 SP2
Comment 10 Lukas Ocilka 2011-09-13 09:31:08 UTC 
PS: also see bug #717251 (not 100% related to this one)
Comment 11 Bernhard Wiedemann 2011-09-13 10:00:28 UTC 
This is an autogenerated message for OBS integration:
This bug (716013) was mentioned in
https://build.opensuse.org/request/show/81984 Factory / yast2