Bug 1148560 - susefirewall2-to-firewalld handles iptables rule in /etc/sysconfig/scripts/SuSEfirewall2-custom wrongly
Status: RESOLVED NORESPONSE
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Network
Version: Current
Hardware: Other Other
Priority: P5 - None
Severity: Normal
Assigned To: Michał Rostecki
Reported: 2019-08-28 12:48 UTC by Freek de Kruijf
Modified: 2021-04-15 10:36 UTC (History)
Description Freek de Kruijf 2019-08-28 12:48:59 UTC
The iptables rule shown below is in /etc/sysconfig/scripts/SuSEfirewall2-custom, which is mentioned in /etc/sysconfig/SuSEfirewall2.

I used the parameter -d with the command susefirewall2-to-firewalld and got the following output:

DEBUG: iptables rule: -A INPUT -s 54.38.56.123/32 -j DROP
INFO: RICH: Adding rich rule="rule family=ipv4 source address=54.38.56.123/32 accept" to zone="INPUT"
DEBUG: ZONE="INPUT" RICH="rule family=ipv4 source address=54.38.56.123/32 accept"
INFO: Enabling rich rule="rule family=ipv4 source address=54.38.56.123/32 accept" for zone=""
DEBUG: Executing: firewall-cmd --zone= --add-rich-rule=rule family=ipv4 source address=54.38.56.123/32 accept
DEBUG: firewall-cmd --zone= --add-rich-rule=rule family=ipv4 source address=54.38.56.123/32 accept

The iptables rule: -A INPUT -s 54.38.56.123/32 -j DROP should result in
firewall-cmd --zone= --add-rich-rule='rule family=ipv4 source address=54.38.56.123/32 drop'
Note accept instead of drop; quite the opposite of what should be the result.
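A mismatch like the one reported above can be caught mechanically by pairing each "iptables rule:" debug line with the rich rule the converter adds next. The following is an added example, not part of the original report or of susefirewall2-to-firewalld; the function names and the 192.0.2.7 sample rule are assumptions, and the line formats are taken from the -d output quoted in the description.

```shell
# Added example (not from the report): audit `susefirewall2-to-firewalld -d`
# output for rules whose action changed during conversion.
expected_action() {   # iptables target -> rich-rule action it should become
    case "$1" in
        ACCEPT) echo accept ;;
        DROP)   echo drop ;;
        REJECT) echo reject ;;
        *)      echo unknown ;;
    esac
}

# Reads converter debug output on stdin and prints one line per mismatch.
# Exit status: 0 if every paired rule kept its action, 1 otherwise.
audit_conversion() (
    status=0 target="" rule=""
    while IFS= read -r line; do
        case "$line" in
            "DEBUG: iptables rule: "*)
                rule=${line#"DEBUG: iptables rule: "}
                padded=" $rule "
                case "$padded" in
                    *" -j "*) target=${padded##*" -j "}; target=${target%% *} ;;
                    *)        target="" ;;
                esac ;;
            "INFO: RICH: Adding rich rule="*)
                want=$(expected_action "$target"); target=""
                [ "$want" = unknown ] && continue
                # The action is the last word inside the quoted rich rule.
                got=${line#*'rule="'}; got=${got%%'"'*}; got=${got##* }
                if [ "$got" != "$want" ]; then
                    echo "MISMATCH: '$rule' became action '$got' (expected '$want')"
                    status=1
                fi ;;
        esac
    done
    exit "$status"
)

# Constructed input: first pair is the log from the report; the second pair is
# a made-up ACCEPT rule (documentation address) that converts correctly.
sample_log() {
    cat <<'EOF'
DEBUG: iptables rule: -A INPUT -s 54.38.56.123/32 -j DROP
INFO: RICH: Adding rich rule="rule family=ipv4 source address=54.38.56.123/32 accept" to zone="INPUT"
DEBUG: iptables rule: -A INPUT -s 192.0.2.7/32 -j ACCEPT
INFO: RICH: Adding rich rule="rule family=ipv4 source address=192.0.2.7/32 accept" to zone="INPUT"
EOF
}
sample_log | audit_conversion || echo "at least one rule changed action"
```

Running the migration with -d and piping its output through audit_conversion before enabling firewalld shows whether any block rule was turned into an allow rule.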
Comment 1 Freek de Kruijf 2021-04-15 10:36:05 UTC
Closed