
List:       suse-security
Subject:    Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on
From:       "Sebastian J. Bronner" <waschtl () sbronner ! com>
Date:       2002-01-31 11:42:52

On Wednesday 30 January 2002 23:21, Steffen Dettmer wrote:
> I cannot imagine that SuSEfirewall2 states that eth0:0 is a
> device (otherwise it was a good idea not to use it :) SCNR). But
> maybe it's just some shorthand for something. Who knows.

I'm guessing that it should work either way.

> Now you are not constructive. And this is not a statement you are
> "allowed" to make as question maker. I spent my free time to try
> to help you, and you come with such things, this is not nice.

I are correct as well.  I should accept the non-constructive with the 
constructive.  I guess that makes us even.

> What does this mean? You made a small script that sets up some

I didn't make it.  It's taken verbatim from
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html
I don't trust it as much as I would trust SuSEfirewall's script, after all 
SuSE (hopefully) spent a lot of time on it, working out all the different 
contingencies.

> firewall rules? Why isn't this integrating nicely?

I put a symlink to it in /etc/init.d/boot.d/ so it starts on bootup, instead 
of controlling it from /etc/rc.config (preferable) like SuSEfirewall{1,2}

> like "--source $home --dest ! $home --dev device"? In this case,
> the device usually shouldn't matter at all. I don't think it's
> very logical to do address translation "on" an interface. Well, at

As I have only marginal experience with firewalls, I cannot explain to you 
why the configuration file is the way it is either.

> least you can now compare your rules with the rules generated by
> SuSEfirewall and adapt Sfw2 to your needs.

Perhaps.  I guess I will keep hacking at it until it works (or SuSE releases 
another version (whichever comes first)).
-- 
Sebastian J. Bronner
waschtl@sbronner.com
