Bug 7338 - sshd firewall configuration fails on SLE 15
Summary: sshd firewall configuration fails on SLE 15
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Server Installer (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.10.1
Assignee: Pierre Ossman
URL:
Keywords: relnotes, samuel_tester
Depends on:
Blocks: 7336
  Show dependency treegraph
 
Reported: 2019-04-25 13:55 CEST by Pierre Ossman
Modified: 2019-08-06 10:11 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2019-04-25 13:55:03 CEST
Seen in the log:

> 2019-04-25 13:42:11,407: Creating firewall service 'tlwebaccess' using ports 300:TCP
> 2019-04-25 13:42:13,746: Enable firewall service 'tlwebaccess'
> 2019-04-25 13:42:15,071: Creating firewall service 'tlwebadm' using ports 1010:TCP
> 2019-04-25 13:42:17,501: Enable firewall service 'tlwebadm'
> 2019-04-25 13:42:18,834: Creating firewall service 'tlmaster' using ports 9000:TCP
> 2019-04-25 13:42:20,944: Enable firewall service 'tlmaster'
> 2019-04-25 13:42:22,315: Creating firewall service 'tlagent' using ports 904:TCP
> 2019-04-25 13:42:24,435: Enable firewall service 'tlagent'
> 2019-04-25 13:42:25,761: Enable system firewall service 'sshd'
> 2019-04-25 13:42:26,442: Failed to enable firewall service sshd
> 2019-04-25 13:42:26,443:     Error: INVALID_SERVICE: 'sshd' not among existing services
> 2019-04-25 13:42:26,443: failed to configure firewall.
Comment 1 Pierre Ossman cendio 2019-07-08 10:34:11 CEST
The current system wasn't very flexible and had a hard coded connection between the distribution and what the SSH service should be called. It seems likely that the choice of firewall software also affects the naming.

Let's try to be more flexible and let the system check for several likely names no matter the distribution.
Comment 3 Pierre Ossman cendio 2019-07-08 11:20:28 CEST
Works well now. Unfortunately this meant changing all four firewall backends (firewalld, SuSEFirewall2, lokkit, ufw) so all need to be checked.
Comment 4 Samuel Mannehed cendio 2019-07-09 13:40:21 CEST
Works well!

* Verified "FirewallBackendFirewalld" on SUSE 15
* Verified "FirewallBackendSuse" on SUSE 12
* Verified "FirewallBackendFirewalld" on Fedora 30
* Verified "FirewallBackendLokkit" on RHEL 6
* Verified "FirewallBackendUfw" on Ubuntu 18.04
Comment 5 Samuel Mannehed cendio 2019-08-06 10:10:49 CEST
Seems like this bug also fixed firewalld running on Ubuntu 18.04.

Note You need to log in before you can comment on or make changes to this bug.