Bug 779455

I had this same issue after installing 12.2 i586 on one notebook PC on 9/9/2012.  The Yast2 Firewall module did not appear to stop the firewall.  I tried stopping the firewall from the Yast2 Runlevel and System Services module, but even though that returned success, the iptables -L command showed that firewall rules were still loaded.  I re-enabled the firewall services so that the firewall would come up when the PC booted.  I then ran, from a terminal as root, /etc/init.d/SuSEfirewall2_setup stop and /etc/init.d/SuSEfirewall2_init stop.  A subsequent run of iptables -L showed that no firewall rules were loaded.  I then rebooted to try to return the PC to a known-good state.  Now, the Yast2 firewall module shows that the firewall is not running, and pressing the "Start firewall now" button appears to do nothing.  (The Stop button is greyed out.)  Running iptables -L shows that firewall rules are loaded, and running /etc/init.d/SuSEfirewall2_setup start (or stop) and /etc/init.d/SuSEfirewall2_init start (or stop) now does nothing to change whether or not firewall rules are loaded.  So I have probably botched things up on top of a basic bug in the Yast2 Firewall module:  the Stop and Start Firewall Now buttons appear to do nothing.  I am okay with just reinstalling 12.2 on this notebook PC, so I expect no troubleshooting of the botching I may have done.

I have this issue on a new install of 12.2 64-bit.  The "Start Firewall Now" button is broken as well.

Please patch /usr/share/YaST2/modules/SuSEFirewall.ycp file with
this change (script change)

--- a/library/network/src/SuSEFirewall.ycp
+++ b/library/network/src/SuSEFirewall.ycp
@@ -116,7 +116,7 @@
     list <string> firewall_services_reverse = [ "SuSEfirewall2_setup", "SuSEfirewall2_init" ];
 
     /* script for starting and checking firewall status */
-    string firewall_script = "/sbin/SuSEfirewall2";
+    string firewall_script = "/sbin/service SuSEfirewall2_setup";
 
     list <string> SuSEFirewall_variables = [
        // zones and interfaces

and then as root:
  cd /usr/share/YaST2/modules/
  ycpc -c SuSEFirewall.ycp

This should help you

I patched one PC here at work as instructed and it did work -- thank you _very_ much.  i will try my home notebook this evening and respond if necessary.

I applied the patch in comment three on two more PCs running openSUSE 12.2, and it worked as expected.  Again, thank you, Lukas, for your help with this.

Thanks for testing, Bill.

Worked for me also.  Thanks!  (The buttons appear to wiggle around a little during the toggle, though)

Yeap, also worked for me! Thanks man.
Should it be a patch in the updates, so every one could have the new version through Apper or whatever they use to update their system?

Thanks again.

Is the updated package on its way to be released in the Update repository or is it something to be done? I don't see it on the update-test repository for 12.2.

Reopening...

Fix (comment #3) from Lukas submitted (sr #137811)

Thanks for your submission. Could you rename the patch to SuSEfirewall.patch please and mention it in the patchinfo, too. Please see the new guidelines of the review-team: http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines and don't forget to submit it to the devel-project YaST:Head, too if needed. Thanks.

Please cancel the submission, I've changed the patch after some internal
discussion and the code is now here:

    https://github.com/yast/yast-yast2/tree/openSUSE-12_2

Before releasing new yast2.rpm, all changes need to be in git

*** Bug 784246 has been marked as a duplicate of this bug. ***

Package submitted and asked for online update:

--- cut ---
osc submitreq home:locilka:12.2 yast2 openSUSE:12.2:Update
WARNING:
WARNING: Project does not accept submit request, request to open a NEW maintenance incident instead
WARNING:
created request id Request: #138204

  maintenance_incident: home:locilka:12.2/yast2 -> openSUSE:Maintenance (release in openSUSE:12.2:Update)

Message:
- Fixed detection whether firewall is running (BNC #779455) and
  unified with starting and stopping the service via Service API.
- 2.23.4

State:   new        2012-10-15T15:34:04 locilka
--- cut ---

Lukas, the old submission was already canceled. Thanks for the one.

And this submission was very bad.

-Requires:       yast2_ui
+Requires:       yui_backend 

This causes zypper to want to change my whole installation from x86_64 to i586.


you seem to have submitted a Factory level yast2 snapshot, not 12.2 level snapshot.

Please resubimit a smaller version.

Thomas, this change(see comment #17) was done by you. Do we already have
all the required packages in build or what could be the problem?

818b09a3 (Thomas Goettlicher  2012-06-20 18:20:06 +0200  24) Requires:       yui_backend

cat /etc/SuSE-release  (shortened)
openSUSE 12.2 (x86_64)

rpm -q yast2
yast2-2.23.3-1.2.1.x86_64

rpm -q --requires yast2 (shortened)
yast2_ui  

See the commit here:
https://github.com/yast/yast-yast2/commit/818b09a3

It was done 4 months ago but openSUSE 12.2 doesn't seem to have
a re-generated spec file in build.

For 12.2 we have yast2-libyui and yast2 should require yast2_ui. For 12.3 we use (standalone) libyui and yast2 should require yui_backend. 

I checked 12.3 Milestone 0 and it looks okay.

Thomas, but this is 12.2.

(In reply to comment #20)
> Thomas, but this is 12.2.
I fixed that in the 12.2 branch.

Could you create a new maintenancerequest with the fixed spec file, please? I'll add it to the running update.

I'm working on that...

Submitted with fixed spec file (thanks, Thomas).

created request id Request: #138341

Thanks! Merged the new submission to openSUSE:Maintenance:1009.

openSUSE-RU-2012:1379-1: An update that has one recommended fix can now be installed.

Category: recommended (low)
Bug References: 779455
CVE References: 
Sources used:
openSUSE 12.2 (src):    yast2-2.23.4-1.7.1