Bug 899330 - Interfaces does not automatically show up in firewall with NetworkManager
Interfaces does not automatically show up in firewall with NetworkManager
Status: CONFIRMED
: 929455 931912 (view as bug list)
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: YaST2
Current
x86-64 Other
: P3 - Medium : Enhancement (vote)
: ---
Assigned To: YaST Team
Jiri Srain
https://trello.com/c/qkRztfel
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-10-01 08:35 UTC by razi zulkepli
Modified: 2022-06-05 05:42 UTC (History)
15 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description razi zulkepli 2014-10-01 08:35:27 UTC
When using NetworkManager, network interfaces does not listed in firewall.

I have to manually configure it using Wicked Service first, to make it registered in firewall. And then use networkManager back.

This is troublesome, for example when setting up internet sharing you can't proceed to zone assign and Network masquerade until you do the step above.
Comment 1 Carlos Bessa 2014-10-01 21:23:26 UTC
(In reply to razi zulkepli from comment #0)
> When using NetworkManager, network interfaces does not listed in firewall.
> 
> I have to manually configure it using Wicked Service first, to make it
> registered in firewall. And then use networkManager back.
> 
> This is troublesome, for example when setting up internet sharing you can't
> proceed to zone assign and Network masquerade until you do the step above.

I can also confirm this. One has to configure it manually in Wicked Service and then go back to networkmanager for the devices to appear in the firewall.
If I recall correctly in desktops the wicked service is used by default (at least it was the case for ifup) so that won't be a problem. But for laptops the default is network manager so users will be unprotected. 
The firewall is turned on by default so I never crossed my mind to look it up, until I wanted the change the firewall zone for a particular network device.

regards,
Carlos
Comment 2 Bernhard Wiedemann 2014-10-04 19:03:44 UTC
Is this yast2 firewall that you use or are you directly editing
/etc/sysconfig/SuSEfirewall2* ?

or does NetworkManager have its own?
Comment 3 Yifan Jiang 2014-12-17 07:11:32 UTC
Hi Razi,

Would you provide more information as Comment 2 asked? Thank you!
Comment 4 Camilo Castillo 2015-05-09 18:00:27 UTC
It looks like this problem is still around in 13.2
Made a bug report here:
https://bugzilla.opensuse.org/show_bug.cgi?id=929455

It looks like the same problem to me. 
Mine is the duplicate report
Comment 5 Arvin Schnell 2015-06-30 13:22:57 UTC
*** Bug 929455 has been marked as a duplicate of this bug. ***
Comment 6 Dominique Leuenberger 2017-01-18 17:31:56 UTC
(In reply to Bernhard Wiedemann from comment #2)
> Is this yast2 firewall that you use or are you directly editing
> /etc/sysconfig/SuSEfirewall2* ?
> 
> or does NetworkManager have its own?

Reprduced here - YaST Firewall module sees no interfaces when NM is being used (NM *can* work with firewalld, but that's by a long shot not default in openSUSE)

This seems more a YaST issue than NetworkManager => reassigning
Comment 7 Simcha Lerner 2017-07-24 11:54:29 UTC
As of 2017-07-24 this is still an issue.

In addition to interfaces not showing up in Yast Firewall, postfix mail fails to initialize with a "fatal: parameter inet_interfaces: no local interface found for ::1" error.

This is a security issue and should be dealt with sooner rather than later.
Comment 8 Knut Alejandro Anderssen González 2020-01-15 11:03:03 UTC
The original bug was reported for openSUSE 13.1 or 13.2.

YaST used to deal only with wicked configured interfaces and interfaces configured by NM were out of the scope, so will consider it as an enhancement more than a bug.

TW currently uses firewalld and the firewall module has been completely refactorized with a new API for configuring it.
Comment 9 Imobach Gonzalez Sosa 2021-01-22 11:56:57 UTC
I am sorry, but the original bug, as Knut commented, was open against openSUSE 13 and the situation has changed quite a lot. Now firewalld is the firewall solution to go and it is the only supported solution by YaST. This problem does not happen in that case, so I am closing the bug as WONTFIX.

Thanks for reporting!

Regards,
Imo
Comment 10 Imobach Gonzalez Sosa 2021-01-22 13:26:44 UTC
Sorry, I have to correct myself. The problem is still there and there are some duplicates already. I am reopening the bug again.
Comment 11 Imobach Gonzalez Sosa 2021-01-22 13:28:14 UTC
*** Bug 931912 has been marked as a duplicate of this bug. ***
Comment 12 Andrei Borzenkov 2022-06-05 05:42:30 UTC
(In reply to Imobach Gonzalez Sosa from comment #9)
> I am sorry, but the original bug, as Knut commented, was open against
> openSUSE 13 and the situation has changed quite a lot. Now firewalld is the
> firewall solution to go and it is the only supported solution by YaST. This
> problem does not happen in that case,

of course it does. YaST2 firewall module only shows interfaces for which wicked configuration exists. This is hidden by the fact that installer creates both wicked ifcfg and NM connection profile for interface used during installation so it /looks/ like it works. But any interface that does not have wicked configuration is "invisible" to YaST firewall module.

As NetworkManager is now default and wicked is not even installed this is no more "enhancement" but a real bug. Reproduced on TW 20220603.

See also https://forums.opensuse.org/showthread.php/570803-Yast-firewall-doesn-t-respect-interface-selected