Bug 578787 - firewall: validate interface name when attaching it to zone
firewall: validate interface name when attaching it to zone
: 683487 820382 955057 (view as bug list)
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: YaST2
x86-64 Other
: P5 - None : Enhancement (vote)
: ---
Assigned To: Michal Filka
Jiri Srain
Depends on:
  Show dependency treegraph
Reported: 2010-02-10 17:10 UTC by macias -
Modified: 2021-02-26 20:26 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description macias - 2010-02-10 17:10:16 UTC
Currently it works like this:
1. I set up zones, no complains
2. I try to save the settings, now all of the sudden interface names are validated

This workflow is tiresome, please, when user define for example eth0 is for internal zone, _immediately_ show it is unknown interface, not in very last step, when user is about to save settings.
Comment 1 Lukas Ocilka 2010-02-11 09:44:55 UTC

*** This bug has been marked as a duplicate of bug 578789 ***
Comment 2 macias - 2010-02-11 16:52:52 UTC
What is relevance with the other bug except for the poster and module (firewall)? 

Validating should occur just after user entered the interface names. It has nothing to do _what_ she/he entered.
Comment 3 Lukas Ocilka 2010-04-07 08:32:56 UTC
There's no reason for firewall to validate input it gets from network
modules (list of network interfaces). IMO network should check the
interfaces before returning them to firewall.
Comment 4 Michal Zugec 2010-04-07 11:20:12 UTC
Maciej, I suppose you're using NetworkManager, which uses it's own configuration format.
To "add" interface into firewall, try just "touch /etc/sysconfig/network/ifcfg-eth0" or start "yast2 lan" and create configuration for eth0.
Does it works for you?
Comment 6 macias - 2010-04-07 15:09:03 UTC
Thank you for the tip. This workaround works and I also confirm it is KNM related, because once I turn it off, I can change the zone directly and the interface is recognized.

Just in case, remark -- this report is about changing validation "point", not about changing validation algorithm.
Comment 7 Lukas Ocilka 2013-04-16 11:54:43 UTC
Michal, is there any Network*::*() function I could you to get list
of network devices instead of interfaces? See comment #5.
Comment 8 Lukas Ocilka 2013-04-18 15:19:21 UTC
Sounds like task for Michal.

Please reassign if you have some function firewall could call or simply
fix it in firewall as well :) ;)
Comment 10 Josef Reidinger 2016-10-20 12:14:36 UTC
*** Bug 683487 has been marked as a duplicate of this bug. ***
Comment 11 Josef Reidinger 2016-10-20 12:14:53 UTC
*** Bug 820382 has been marked as a duplicate of this bug. ***
Comment 12 Josef Reidinger 2016-10-27 08:47:06 UTC
*** Bug 955057 has been marked as a duplicate of this bug. ***