Bug 989145

Summary: document firewall behaviour for "no zone assigned"
Product: [openSUSE] openSUSE Distribution Reporter: Joachim Wagner <jo4su>
Component: DocumentationAssignee: Frank Sundermeyer <fs>
Status: RESOLVED FIXED QA Contact: Frank Sundermeyer <fs>
Severity: Normal    
Priority: P5 - None CC: ab, aburgemeister, dmitri.popov
Version: Leap 42.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Joachim Wagner 2016-07-15 10:42:44 UTC 
The documentation should say what firewall rules apply when an interface is assigned to the zone "No zone assigned".

The following discussions and my own observations suggest that currently the behaviour is the same as if the interface is assigned to the zone "External Zone":

https://forums.opensuse.org/showthread.php/518486-In-Yast-no-zone-assigned-to-interface-in-firewall-which-firewall-rules-apply

bug #931152

The above forum discussion shows that some users wrongly assume that the "No zone" is always closed, allowing only outgoing connections. If this zone is then used for the public network and the external zone for a more secure but still not fully trusted network, this opens up security issues.
Comment 1 Dmitri Popov 2017-05-09 10:54:53 UTC 
Fiyed in https://github.com/SUSE/doc-sle/pull/137