First of all, thanks for the feedback.

As Ancor already replied, a YaST interface for configuring firewalld is in its way and we probably will blog about it very soon.

About your comments:

1) Completely agree, firewall-config does not permit to configure the firewall when it is not running having to move to the command line in order to be able to configure it.

2) Well, with firewalld you have a permanent and runtime configuration, so you could apply the changes in runtime and if all is fine then make these changes permanent with the runtime-to-permanent call.

If I’m not wrong there is no an option to write the iptables rules temporally until you confirm all was fine (safe-reload)

Saying that, the new YaST UI will work only with the permanent configuration which means that your changes will be applied to runtime when writing, ie you probably could lock yourself also out. So, maybe this safety writing could be a nice feature to have when we support multiple configurations.

3) We hope that the new YaST UI makes the firewalld configuration more familiar to YaST users and easier to work with. Although take in account that the old interface was very tied to the SuSEfirewall2 configuration and the new design was influenced by the way firewalld is defining it.

About the Partitioner, we are working hard to make it a much better tool for the upcoming Leap 15.1. Have you reported the errors at bugzilla.opensuse.org? It’s almost impossible to fix things with vague sentences like “crashed twice” or “delivered reproducibly wrong values when reading in the existing config”. It would be MUCH better to have bug reports including the logs of the installation, so we can now what went wrong in your case.

About the unpleasant default UI of Firewalld, we agree and we are developing a YaST interface to configure Firewalld in a way that is more familiar to YaST users. It will be available in Leap 15.1 and also (in a reduced version) as a maintenance update for Leap 15.0.

I am currently (just today) trying to install Leap 15 remote on a server located at Hetzner. I have been writing about my desastrous experiences here: https://forums.opensuse.org/showthread.php/533525-Erfahrungen-mit-remote-Installation-auf-Hetzner-Rechnern

My concrete problem is right now that I am trying to configure the firewall in YaST and it seems that this is not possible from remote, because:

1) One cannot start and use the Firewall config software without first starting the firewall. What a crap!

2) I had done this in a previous installation attempt but after starting the firewall I had no more chance to log into this box via VNC.

*** So my question is: How can one configure the firewall remotely without the risk of locking oneself out? ***

3) My comment about the new firewall tool from Red Hat: This UI is extremely unclear, non-intuitive and no documentation or help is available. I regard this as the by far morst idiotic tool at all and I am NOT anlone with this opinion as I found many very critical comments.

It is inacceptable to supply such a tool without a PROPER documentation, which clearly explains the purpose of the various views.

The seems to be NO way to enable or disable the entire Firewall (as was the case in the old tool).

This “permanent / runtime” button is a very bad idea, too, very confusing, desastrous UI.

Why don’t you supply/allow the old relatively good SuSe firewall tool?

Partitioner
———–

The partioner crashed twice during my remote installation attempts at Hetzner and delivered reproducably wrong values when reading in the exiting config into the partitioner.

My overall strong impression is that the Leap 15 realease is instable and premature. 13.2 was by far better in many respects.

If I had not been working with SuSe for many years, I would give it the boot.

Frank