Bug 578787

Summary: firewall: validate interface name when attaching it to zone
Product: [openSUSE] openSUSE Tumbleweed Reporter: macias - <bluedzins>
Component: YaST2Assignee: Michal Filka <mfilka>
Status: REOPENED --- QA Contact: Jiri Srain <jsrain>
Severity: Enhancement    
Priority: P5 - None CC: artkoz78, cookie170, locilka
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description macias - 2010-02-10 17:10:16 UTC 
Currently it works like this:
1. I set up zones, no complains
2. I try to save the settings, now all of the sudden interface names are validated

This workflow is tiresome, please, when user define for example eth0 is for internal zone, _immediately_ show it is unknown interface, not in very last step, when user is about to save settings.
Comment 1 Lukas Ocilka 2010-02-11 09:44:55 UTC 
.

*** This bug has been marked as a duplicate of bug 578789 ***
Comment 2 macias - 2010-02-11 16:52:52 UTC 
What is relevance with the other bug except for the poster and module (firewall)? 

Validating should occur just after user entered the interface names. It has nothing to do _what_ she/he entered.
Comment 3 Lukas Ocilka 2010-04-07 08:32:56 UTC 
There's no reason for firewall to validate input it gets from network
modules (list of network interfaces). IMO network should check the
interfaces before returning them to firewall.
Comment 4 Michal Zugec 2010-04-07 11:20:12 UTC 
Maciej, I suppose you're using NetworkManager, which uses it's own configuration format.
To "add" interface into firewall, try just "touch /etc/sysconfig/network/ifcfg-eth0" or start "yast2 lan" and create configuration for eth0.
Does it works for you?
Comment 6 macias - 2010-04-07 15:09:03 UTC 
Thank you for the tip. This workaround works and I also confirm it is KNM related, because once I turn it off, I can change the zone directly and the interface is recognized.

Just in case, remark -- this report is about changing validation "point", not about changing validation algorithm.
Comment 7 Lukas Ocilka 2013-04-16 11:54:43 UTC 
Michal, is there any Network*::*() function I could you to get list
of network devices instead of interfaces? See comment #5.
Comment 8 Lukas Ocilka 2013-04-18 15:19:21 UTC 
Sounds like task for Michal.

Please reassign if you have some function firewall could call or simply
fix it in firewall as well :) ;)
Comment 10 Josef Reidinger 2016-10-20 12:14:36 UTC 
*** Bug 683487 has been marked as a duplicate of this bug. ***
Comment 11 Josef Reidinger 2016-10-20 12:14:53 UTC 
*** Bug 820382 has been marked as a duplicate of this bug. ***
Comment 12 Josef Reidinger 2016-10-27 08:47:06 UTC 
*** Bug 955057 has been marked as a duplicate of this bug. ***