Bugzilla – Bug 899330
Interfaces does not automatically show up in firewall with NetworkManager
Last modified: 2022-06-05 05:42:30 UTC
When using NetworkManager, network interfaces does not listed in firewall.
I have to manually configure it using Wicked Service first, to make it registered in firewall. And then use networkManager back.
This is troublesome, for example when setting up internet sharing you can't proceed to zone assign and Network masquerade until you do the step above.
(In reply to razi zulkepli from comment #0)
> When using NetworkManager, network interfaces does not listed in firewall.
> I have to manually configure it using Wicked Service first, to make it
> registered in firewall. And then use networkManager back.
> This is troublesome, for example when setting up internet sharing you can't
> proceed to zone assign and Network masquerade until you do the step above.
I can also confirm this. One has to configure it manually in Wicked Service and then go back to networkmanager for the devices to appear in the firewall.
If I recall correctly in desktops the wicked service is used by default (at least it was the case for ifup) so that won't be a problem. But for laptops the default is network manager so users will be unprotected.
The firewall is turned on by default so I never crossed my mind to look it up, until I wanted the change the firewall zone for a particular network device.
Is this yast2 firewall that you use or are you directly editing
or does NetworkManager have its own?
Would you provide more information as Comment 2 asked? Thank you!
It looks like this problem is still around in 13.2
Made a bug report here:
It looks like the same problem to me.
Mine is the duplicate report
*** Bug 929455 has been marked as a duplicate of this bug. ***
(In reply to Bernhard Wiedemann from comment #2)
> Is this yast2 firewall that you use or are you directly editing
> /etc/sysconfig/SuSEfirewall2* ?
> or does NetworkManager have its own?
Reprduced here - YaST Firewall module sees no interfaces when NM is being used (NM *can* work with firewalld, but that's by a long shot not default in openSUSE)
This seems more a YaST issue than NetworkManager => reassigning
As of 2017-07-24 this is still an issue.
In addition to interfaces not showing up in Yast Firewall, postfix mail fails to initialize with a "fatal: parameter inet_interfaces: no local interface found for ::1" error.
This is a security issue and should be dealt with sooner rather than later.
The original bug was reported for openSUSE 13.1 or 13.2.
YaST used to deal only with wicked configured interfaces and interfaces configured by NM were out of the scope, so will consider it as an enhancement more than a bug.
TW currently uses firewalld and the firewall module has been completely refactorized with a new API for configuring it.
I am sorry, but the original bug, as Knut commented, was open against openSUSE 13 and the situation has changed quite a lot. Now firewalld is the firewall solution to go and it is the only supported solution by YaST. This problem does not happen in that case, so I am closing the bug as WONTFIX.
Thanks for reporting!
Sorry, I have to correct myself. The problem is still there and there are some duplicates already. I am reopening the bug again.
*** Bug 931912 has been marked as a duplicate of this bug. ***
(In reply to Imobach Gonzalez Sosa from comment #9)
> I am sorry, but the original bug, as Knut commented, was open against
> openSUSE 13 and the situation has changed quite a lot. Now firewalld is the
> firewall solution to go and it is the only supported solution by YaST. This
> problem does not happen in that case,
of course it does. YaST2 firewall module only shows interfaces for which wicked configuration exists. This is hidden by the fact that installer creates both wicked ifcfg and NM connection profile for interface used during installation so it /looks/ like it works. But any interface that does not have wicked configuration is "invisible" to YaST firewall module.
As NetworkManager is now default and wicked is not even installed this is no more "enhancement" but a real bug. Reproduced on TW 20220603.
See also https://forums.opensuse.org/showthread.php/570803-Yast-firewall-doesn-t-respect-interface-selected