www.cendio.com
Bug 7338 - sshd firewall configuration fails on SLE 15
: sshd firewall configuration fails on SLE 15
Status: CLOSED FIXED
: ThinLinc
Server Installer
: trunk
: PC Unknown
: P2 Normal
: 4.10.1
Assigned To:
:
:
:
: 7336
  Show dependency treegraph
 
Reported: 2019-04-25 13:55 by
Modified: 2019-08-06 10:11 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2019-04-25 13:55:03
Seen in the log:

> 2019-04-25 13:42:11,407: Creating firewall service 'tlwebaccess' using ports 300:TCP
> 2019-04-25 13:42:13,746: Enable firewall service 'tlwebaccess'
> 2019-04-25 13:42:15,071: Creating firewall service 'tlwebadm' using ports 1010:TCP
> 2019-04-25 13:42:17,501: Enable firewall service 'tlwebadm'
> 2019-04-25 13:42:18,834: Creating firewall service 'tlmaster' using ports 9000:TCP
> 2019-04-25 13:42:20,944: Enable firewall service 'tlmaster'
> 2019-04-25 13:42:22,315: Creating firewall service 'tlagent' using ports 904:TCP
> 2019-04-25 13:42:24,435: Enable firewall service 'tlagent'
> 2019-04-25 13:42:25,761: Enable system firewall service 'sshd'
> 2019-04-25 13:42:26,442: Failed to enable firewall service sshd
> 2019-04-25 13:42:26,443:     Error: INVALID_SERVICE: 'sshd' not among existing services
> 2019-04-25 13:42:26,443: failed to configure firewall.
------- Comment #1 From cendio 2019-07-08 10:34:11 -------
The current system wasn't very flexible and had a hard coded connection between
the distribution and what the SSH service should be called. It seems likely
that the choice of firewall software also affects the naming.

Let's try to be more flexible and let the system check for several likely names
no matter the distribution.
------- Comment #3 From cendio 2019-07-08 11:20:28 -------
Works well now. Unfortunately this meant changing all four firewall backends
(firewalld, SuSEFirewall2, lokkit, ufw) so all need to be checked.
------- Comment #4 From cendio 2019-07-09 13:40:21 -------
Works well!

* Verified "FirewallBackendFirewalld" on SUSE 15
* Verified "FirewallBackendSuse" on SUSE 12
* Verified "FirewallBackendFirewalld" on Fedora 30
* Verified "FirewallBackendLokkit" on RHEL 6
* Verified "FirewallBackendUfw" on Ubuntu 18.04
------- Comment #5 From cendio 2019-08-06 10:10:49 -------
Seems like this bug also fixed firewalld running on Ubuntu 18.04.