Bugzilla – Bug 1213568
firewalld creates new unwanted zones after updates
Last modified: 2023-07-24 06:01:26 UTC
Our Situation:
We define two network interfaces named "intern" and "extern" by udev-rules; these interfaces are assigned to corresponding zones "internal" and "external". After Leap Updates/Upgrades using YOU or zypper both interfaces are removed from their zones and are assigned to the newly created zone "public".

Result: No more connection to our servers possible! Very bad if we work remotely and the servers are far away...

In /etc/firewalld.conf we define the zone "external" as default zone for new devices.

"# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=external"

zypper, yast or whatever should not touch the existing firewall-configuration.

Stefan

Additional info: we use wicked for the network and interface management.

(In reply to Stefan Schäfer from comment #0)
> After Leap Updates/Upgrades

Which one? openSUSE-SLE-15.4-2023-1668 with 0.9.3-150400.8.9.1 is from March.

> zypper, yast or whatever should not touch the existing
> firewall-configuration.

Consider setting up a pre-production environment.

(In reply to Andreas Stieger from comment #2)
> (In reply to Stefan Schäfer from comment #0)
> > After Leap Updates/Upgrades
>
> Which one? openSUSE-SLE-15.4-2023-1668 with 0.9.3-150400.8.9.1 is from March.

It's openSUSE Leap 15.4 with firewalld-0.9.3-150400.8.9.1. But we have recognized this behavior also on earlier openSUSE Leap versions.

> > zypper, yast or whatever should not touch the existing
> > firewall-configuration.
>
> Consider setting up a pre-production environment.

How?

I found the problem. In /etc/sysconfig/network/ifcfg-[ex|in]tern both interfaces are assigned to zone public. This causes the reconfiguration. We have to remember this at setup.
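
The root cause named in the last comment, a zone set in the per-interface ifcfg files that disagrees with the intended firewalld zone, can be checked for before an update. The script below is an added example, not part of the bug report; it assumes the zone is set through a ZONE= variable in /etc/sysconfig/network/ifcfg-<interface>, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit ifcfg files for a ZONE=
# setting that disagrees with the intended firewalld zone of an interface.
# The files are parsed with sed, never sourced, so nothing in them executes.

# Print the value of the last ZONE= assignment in an ifcfg file (quotes
# stripped); print nothing if the variable is absent or empty.
ifcfg_zone() {
    sed -n "s/^[[:space:]]*ZONE=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# check_ifcfg_zones DIR iface=zone [iface=zone ...]
# One result line per interface; exit status 1 if any line is not "OK".
check_ifcfg_zones() {
    dir=$1; shift
    rc=0
    for pair in "$@"; do
        iface=${pair%%=*}
        want=${pair#*=}
        file="$dir/ifcfg-$iface"
        if [ ! -f "$file" ]; then
            echo "MISSING  $iface: no $file"; rc=1; continue
        fi
        have=$(ifcfg_zone "$file")
        if [ -z "$have" ]; then
            # Empty or absent zone: the firewalld DefaultZone is used.
            echo "UNSET    $iface: no ZONE in ifcfg, DefaultZone applies"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $iface: ifcfg says '$have', expected '$want'"; rc=1
        else
            echo "OK       $iface: $have"
        fi
    done
    return $rc
}

# Run against the live configuration only when arguments are given, e.g.
#   sh check-zones.sh intern=internal extern=external
if [ "$#" -gt 0 ]; then
    check_ifcfg_zones /etc/sysconfig/network "$@"
fi
```

A non-zero exit status makes the script usable as a gate in a pre-update check; with the setup described in this report it would print a MISMATCH line for both "intern" and "extern".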