Bugzilla – Bug 1213609
Yast2 Firewall does not display configured Ports for zone
Last modified: 2023-09-26 07:51:54 UTC
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Build Identifier: I added TCP Port rules to my home zone in the Yast2 Firewall Configuration. After closing and opening the Firewall Configuration the Port is not visible. when executing "sudo firewall-cmd --list-all-zones" the configured port 8080 is listed though: home (active) target: default ingress-priority: 0 egress-priority: 0 icmp-block-inversion: no interfaces: wlo1 sources: services: dhcpv6-client kdeconnect mdns samba-client ssh ports: 8080/tcp protocols: forward: yes masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: Reproducible: Always Steps to Reproduce: 1.Add a new Port rule for a zone in the Yast2 Firewall Configuration 2.Close the Firewall Configuration and restart Yast2 3.Open the Firewall Configuration and inspect the Ports tab of the zone. Actual Results: No Ports are displayed in the ports tab. Expected Results: The added Port should be displayed in the ports tab. It is only possible for me to remove the configured port by using firewall-cmd, You can not do so from the GUI, because it is not displayed.
(In reply to Christian Tallner from comment #0) > User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/114.0.0.0 Safari/537.36 > Build Identifier: > > I added TCP Port rules to my home zone in the Yast2 Firewall Configuration. > After closing and opening the Firewall Configuration the Port is not visible. > > when executing "sudo firewall-cmd --list-all-zones" > the configured port 8080 is listed though: > > home (active) > target: default > ingress-priority: 0 > egress-priority: 0 > icmp-block-inversion: no > interfaces: wlo1 > sources: > services: dhcpv6-client kdeconnect mdns samba-client ssh > ports: 8080/tcp > protocols: > forward: yes > masquerade: no > forward-ports: > source-ports: > icmp-blocks: > rich rules: > > > > Reproducible: Always > > Steps to Reproduce: > 1.Add a new Port rule for a zone in the Yast2 Firewall Configuration > 2.Close the Firewall Configuration and restart Yast2 > 3.Open the Firewall Configuration and inspect the Ports tab of the zone. > Actual Results: > No Ports are displayed in the ports tab. > > Expected Results: > The added Port should be displayed in the ports tab. > > It is only possible for me to remove the configured port by using > firewall-cmd, You can not do so from the GUI, because it is not displayed. Would be nice to have logs as described here https://en.opensuse.org/openSUSE:Report_a_YaST_bug. Which service action was done when applied the configuration, just a reloard or a restart of the service? The port is shown when running sudo firewall-cmd --permanent --list-all-zones
I have the same problem. For example, I want to add the SSH service in the "home" zone. The window closes immediately. When I open Yast2 firewall again, the service doesn't appear in the list of authorized services. However, the change has been made and is visible via firewall-cmd --list-all-zones. I encounter the same problem with cli and gui. No output is generated. Tumbleweed 20230729.
Created attachment 868722 [details] Yast2 Logs
(In reply to Knut Alejandro Anderssen González from comment #1) > (In reply to Christian Tallner from comment #0) > > User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, > > like Gecko) Chrome/114.0.0.0 Safari/537.36 > > Build Identifier: > > > > I added TCP Port rules to my home zone in the Yast2 Firewall Configuration. > > After closing and opening the Firewall Configuration the Port is not visible. > > > > when executing "sudo firewall-cmd --list-all-zones" > > the configured port 8080 is listed though: > > > > home (active) > > target: default > > ingress-priority: 0 > > egress-priority: 0 > > icmp-block-inversion: no > > interfaces: wlo1 > > sources: > > services: dhcpv6-client kdeconnect mdns samba-client ssh > > ports: 8080/tcp > > protocols: > > forward: yes > > masquerade: no > > forward-ports: > > source-ports: > > icmp-blocks: > > rich rules: > > > > > > > > Reproducible: Always > > > > Steps to Reproduce: > > 1.Add a new Port rule for a zone in the Yast2 Firewall Configuration > > 2.Close the Firewall Configuration and restart Yast2 > > 3.Open the Firewall Configuration and inspect the Ports tab of the zone. > > Actual Results: > > No Ports are displayed in the ports tab. > > > > Expected Results: > > The added Port should be displayed in the ports tab. > > > > It is only possible for me to remove the configured port by using > > firewall-cmd, You can not do so from the GUI, because it is not displayed. > > Would be nice to have logs as described here > https://en.opensuse.org/openSUSE:Report_a_YaST_bug. > > Which service action was done when applied the configuration, just a reloard > or a restart of the service? The port is shown when running sudo > firewall-cmd --permanent --list-all-zones sudo firewall-cmd --permanent --list-all-zones Does not list the port. sudo firewall-cmd --list-all-zones Does list the port. I added the logs, sorry for the delay.
Currently it sounds like a bug in the firewall-cmd or firewalld service firewall-cmd --list-all-zones firewall-cmd --permanent --zone=home --list-ports firewall-cmd --permanent --zone=home --list-all firewall-offline-cmd --list-all-zones Above commands lists the added port (8080/tcp in this case) firewall-cmd --permanent --list-all-zones doesn't show the port Neither explicit reload nor reboot helps I've tested it even without yast by using firewall-cmd --permanent --zone=home --add-port=8080/tcp Sounds like a regression, in Leap 15.3 it (--permanent --list-all-zones) works. firewall-cmd in - Leap 15.3 is 0.9.3 - in Tumbleweed is 2.0.0
Could you check it and confirm whether it is bug in firewalld / firewall-cmd
Hi, firewalld maintainer here. I see there are two bugs being discussed in this ticket. One relates to yast2 firewall component not reflecting assigned ports another one is bug in firewall-cmd --list-all-zones --permanent not working as expected. For the first bug, that's not under my jurisdiction and hopefully would better be taken care of by yast team. As for the second bug, I've verified it and confirmed it does happen. I'll be pushing out a new tumbleweed package update soon for that.
(In reply to Mohd Saquib from comment #7) > Hi, > firewalld maintainer here. I see there are two bugs being discussed in this > ticket. One relates to yast2 firewall component not reflecting assigned > ports another one is bug in firewall-cmd --list-all-zones --permanent not > working as expected. > > For the first bug, that's not under my jurisdiction and hopefully would > better be taken care of by yast team. > > As for the second bug, I've verified it and confirmed it does happen. I'll > be pushing out a new tumbleweed package update soon for that. yast developer responding ;-) yast relies on the above command and parses its output ... once the output works as expected I can verify yast side, but I believe it will magically work then ;-) Thanks for taking care.
Assigning it to firewalld maintainer as it was confirmed it is a firewalld bug.
It looks like should be fixed by https://build.opensuse.org/request/show/1105433
Yes, it's fixed.. I was just wondering why there was no OBS bot message saying fix is there.
can occasionaly happen. done