openFATE - openSUSE feature tracking > #303859

simple network configuration in 1st stage

Feature state

openSUSE-11.1: Rejected Information
openSUSE-11.2: Done

Description

The feature of "Automatic Configuration" has a nice effect of not asking users
for accepting all the default settings. However, there's (at least) one setting
that is default but still not widely accepted (I think so - at least I change
it always): it's the firewall that is automatically running.

Wouldn't it be good to have some simple client, only opened from the installation
proposal upon the user's request (so not by default), where this option could be
configured? Even better would be a "Network" part in the Installation summary, with the only setting "Firewall on", which would be a link whose value changes on click.

References

https://bugzilla.novell.com/show_bug.cgi?id=379149

https://bugzilla.novell.com/show_bug.cgi?id=303859

Discussion


M. E. wrote: (10 years ago)

An automatically running firewall is great - for the average user. And this even applies in enterprise. I strongly recommend to reject this feature for ALL products: SLES, SLED and openSUSE, but leave it to Federico.

Guy, Federico, Michl, Marcus?

J. S. wrote: (10 years ago)

Well, I'm not asking for not starting firewall by default. I agree it is good to have it automatically on.
But we miss an option to change this during the installation workflow.

M. S. wrote: (10 years ago)

Right, the proposal was to have a simple way, ideally a hyperlink, to disable the firewall, either completely or just for some services (ssh) somewhere accessible during the installation workflow. We should certainly keep the current default of running firewall automatically.

L. O. wrote: (10 years ago)

It's quite easy to add another firewall_proposal client to the first stage but that one could only provide enable/disable functionality (the default value is set in control file already).

On the other hand, opening a firewall for some services couldn't be done as these services are known after packages with service-definitions are installed (firewall services defined by packages). In other words: in the installed system.

This feature is more about specific configuration dialogs providing functionality to "Open Firewall for XYZ Service" - I think only configuration of users is affected now (samba-client, SLP broadcast reply, ...?).

J. S. wrote: (10 years ago)

No, it isn't. This feature is about possibility to either shut down the firewall or open ports for defined (not arbitrary) services (e.g. ssh). No samba, no SLP.

It is called "simple network configuration in 1st stage".

L. O. wrote: (10 years ago)

Yes, I know what it is called, but as I've already written, in first stage, firewall can be only enabled or disabled. No additional services could be opened as they are unknown in that stage. I'm just talking about the limits of the proposed firewall/network client in first stage. The rest is left on particular modules to open ports/services as required by a specific service used in second stage.

Services are defined in packages, their ports, names, description. Even SSH has its own definition in openssh package: /etc/sysconfig/SuSEfirewall2.d/services/sshd. This package needn't be installed at all.

J. S. wrote: (10 years ago)

And again, I am not requesting any configuration of services in this stage. Basically I want the same thing we have in current network proposal (at the beginning of currently-usually-unused 2nd stage), where you can shut firewall down and/or open ssh port. If sshd is the problem (but in the time of installation proposal, we know if it is going to be installed or not, so it may be hidden if sshd is not selected for installation) it doesn't have to be there, and it may consist of simple firewall off/on hyperlink.

So yes, it is true that "firewall_proposal client ...could only provide enable/disable functionality", but this is actually the point of this feature.

I should probably also make clear that I'm not requesting any additional step in the sequence, only the option to be selected from installation summary, just like the "Installation from Images is enabled (disable)" one.

G. L. wrote: (10 years ago)

Could this be served by providing a hyperlink which would open the current network module presented during the normal installation?

Like I had made my initial priority, I am pretty neutral on this. I think power users would appreciate the feature but most of our 1-time installation users would not care. I am fine having it if the investment is very small.

J. S. wrote: (10 years ago)

Hyperlink yes, but for enabling/disabling, not for full firewall configuration. This is not really possible in 1st stage, see Lukas' comments 4 and 6.

F. L. wrote: (10 years ago)

Guys, I am not following... why do we want the enable/disable choice in 1st stage? Looks just fine to me as is. Please clarify what's the advantage of allowing the choice earlier.

J. S. wrote: (10 years ago)

In previous versions, we had the network configuration proposed which user had to accept, but now the networking is (by default) configured automatically (and this is without debates fine for most users). The old screen with the network configuration had an option to disable firewall with one click and this is the thing which I miss now (yes, it is possible to use the old way also in 11.0, but it brings a bunch of other configuration options that are correctly done automatically).

So, "earlier" actually means "during installation". Of course this is possible to configure after the installation, but just like many other users, I'd like to have the system configured after the system is installed.

F. L. wrote: (10 years ago)

Okay - I understand. Yes, this is handy, as it saves the need to go through all the config when all one wants to do is remove the fw.

_if_ there is a way to include in the early workflow, let's do it. Of course, that may not be the case on "keeping it simple" grounds.

S. V. wrote: (9 years ago)

I agree, if we are able to find a reasonable place, would be nice to have.

J. S. wrote: (8 years ago)

Bubli, please, add very simple Firewall configuration to the first stage (only enabling/disabling firewall itself and opening/closing the SSH port).

R. U. wrote: (8 years ago)

Case study - Firewall on factory 11.2

The most common case today is the hardest to find out how to configure: In a normal 192.168.0.0 network that has a router to internet connection, there is also a totally cracked Windows computer. So I want to enable SUSEfirewall. But I don't have separated internal/external devices - all help directs to these separated zones. And is my 127.0.0.0 network affected if I default all to untrusted/external?

Where are examples? Help is no help. Fortunately I found in a forum message I do have:

file:///usr/share/doc/packages/SuSEfirewall2/EXAMPLES.html

Last change: 8 years ago
Voting
Score: 4
  • Negative: 1
  • Neutral: 0
  • Positive: 5