Yast network config and no firewall

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Yast network config and no firewall

Roger Oberholtzer-2
In the systems we set up for data collection, we disable the firewall
and do not install the firewall software. They are in vehicle on the
road with no connection to the outside world. So we have no use for
this feature.

In Yast, when configuring a NIC, one always gets a dialog telling that
the firewall software is not installed. One can click past it. But, if
the firewall is disabled and the software not installed, is this
dialog really necessary? I admit it is not a big thing. We don't
configure the NICs very often. But it seems odd to single out that one
feature and keep nagging about it.

(There. I have passed on our users' complaint...)


--
Roger Oberholtzer

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Yast network config and no firewall

Per Jessen
Roger Oberholtzer wrote:

> In the systems we set up for data collection, we disable the firewall
> and do not install the firewall software. They are in vehicle on the
> road with no connection to the outside world. So we have no use for
> this feature.

Exactly what we do for our office systems.  

> In Yast, when configuring a NIC, one always gets a dialog telling that
> the firewall software is not installed. One can click past it. But, if
> the firewall is disabled and the software not installed, is this
> dialog really necessary? I admit it is not a big thing. We don't
> configure the NICs very often. But it seems odd to single out that one
> feature and keep nagging about it.

https://bugzilla.opensuse.org/show_bug.cgi?id=898865


--
Per Jessen, Zürich (2.8°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Yast network config and no firewall

Michael Fischer-3
In reply to this post by Roger Oberholtzer-2
On Thu, Feb 01, Roger Oberholtzer wrote:

> In the systems we set up for data collection, we disable the firewall
> and do not install the firewall software. They are in vehicle on the
> road with no connection to the outside world. So we have no use for
> this feature.
>
> In Yast, when configuring a NIC, one always gets a dialog telling that
> the firewall software is not installed. One can click past it. But, if
> the firewall is disabled and the software not installed, is this
> dialog really necessary? I admit it is not a big thing. We don't
> configure the NICs very often. But it seems odd to single out that one
> feature and keep nagging about it.

I've always gone the route at OS install of "disable" SuSE firewall, but
without the sledgehammer of not installing the thing. Thus I don't get
the dialogs of which you speak, and as far as I'm concerned, the thing
isn't there. (I run my own handrolled iptables scripts).

HTH.

Michael
--
Michael Fischer
[hidden email]

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Yast network config and no firewall

Roger Oberholtzer-2
On Thu, Feb 1, 2018 at 10:59 PM, Michael Fischer <[hidden email]> wrote:

> I've always gone the route at OS install of "disable" SuSE firewall, but
> without the sledgehammer of not installing the thing. Thus I don't get
> the dialogs of which you speak, and as far as I'm concerned, the thing
> isn't there. (I run my own handrolled iptables scripts).

These openSUSE installs were built by us with kiwi. We don't ask that
the firewall stuff be installed. So it's not a matter of removing it.
It's never there. It would be odd to add software we will not use just
to get rid of a message that the software we have chosen not it
install is, in fact, not really there.

It's an example of a distribution setting policy. Which I'm not sure
it should so. I think it is rather misleading that this check be done.
I'm sure there are other security things that we do not install, and
there is no complaint. Why single out firewall?

Perhaps a better Yast module would be one that checks system security
in a more general and complete fashion. Just like many applications
that check if all their dependent parts are present. Like "inxi
--recommends".

No matter. Everything works as it is.


--
Roger Oberholtzer

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]