Bug 1136512 - Yast2-nfs-*** comlpain about missing firewalld service
Yast2-nfs-*** comlpain about missing firewalld service
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Network
Current
x86-64 Other
: P5 - None : Normal (vote)
: ---
Assigned To: Knut Alejandro Anderssen González
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-05-28 07:15 UTC by robert spitzenpfeil
Modified: 2019-05-31 08:01 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
screenshot of YaST2-nfs-server (21.67 KB, image/png)
2019-05-28 07:15 UTC, robert spitzenpfeil
Details

Note You need to log in before you can comment on or make changes to this bug.
Description robert spitzenpfeil 2019-05-28 07:15:16 UTC
User-Agent:       Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Build Identifier: 

After installing yast2-nfs-server + automatic deps, it complains about not being able to configure the firewall, due to missing services.

Reproducible: Always
Comment 1 robert spitzenpfeil 2019-05-28 07:15:50 UTC
Created attachment 806145 [details]
screenshot of YaST2-nfs-server
Comment 2 robert spitzenpfeil 2019-05-28 07:18:41 UTC
I would expect the necessary files in /usr/lib/firewalld/services/ to be part of the nfs-kernel-server package, or something similar.
Comment 3 Knut Alejandro Anderssen González 2019-05-29 15:14:22 UTC
It is somehow related to:

https://bugzilla.suse.com/show_bug.cgi?id=1083487#c8

So, although the module was updated, the module does not provide a list of ports to be opened.


Matthias, what is the current state of NFSv3/NIS in firewalld? There is something that we can already do from YaST POV?.
Comment 4 Matthias Gerstner 2019-05-31 08:01:04 UTC
(In reply to Knut Alejandro Anderssen González from comment #3)
> It is somehow related to:
> 
> https://bugzilla.suse.com/show_bug.cgi?id=1083487#c8
> 
> So, although the module was updated, the module does not provide a list of
> ports to be opened.
> 
> 
> Matthias, what is the current state of NFSv3/NIS in firewalld? There is
> something that we can already do from YaST POV?.

Basically the status is that for NFSv4 you can simply use the "nfs" firewalld service which contains only the single static port. This suffices for NFSv4.

For NFSv3 there's the possibily to manually configure things to use static ports. I've added a little command line tool called `firewalld-rpcbind-helper` to simplify this task. There is some documentation about it in [1] section 16.4.2.

[1]: https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.firewall.html#sec.security.firewall.firewalld

Adding rfrohl since he is now the firewalld maintainer from security side.