[prev in list] [next in list] [prev in thread] [next in thread]
List: suse-security
Subject: Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on
From: "Sebastian J. Bronner" <waschtl () sbronner ! com>
Date: 2002-01-31 11:42:52
[Download RAW message or body]
On Wednesday 30 January 2002 23:21, Steffen Dettmer wrote:
> I cannot imagine that SuSEfirewall2 states that eth0:0 is a
> device (otherwise it was a good idea not to use it :) SCNR). But
> maybe it's just some shorthand for something. Who knows.
I'm guessing that it should work either way.
> Now you are not constructive. And this is not a statement you are
> "allowed" to make as question maker. I spent my free time to try
> to help you, and you come with such things, this is not nice.
I are correct as well. I should accept the non-constructive with the
constructive. I guess that makes us even.
> What does this mean? You made a small script that sets up some
I didn't make it. It's taken verbatim from
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html
I don't trust it as much as I would trust SuSEfirewall's script, after all
SuSE (hopefully) spent a lot of time on it, working out all the different
contingencies.
> firewall rules? Why isn't this integrating nicely?
I put a symlink to it in /etc/init.d/boot.d/ so it starts on bootup, instead
of controlling it from /etc/rc.config (preferable) like SuSEfirewall{1,2}
> like "--source $home --dest ! $home --dev device"? In this case,
> the device usually shouldn't matter at all. I don't think it's
> very logic to do address translation "on" a interface. Well, at
As I have only marginal experience with firewalls, I cannot explain to you
why the configuration file is the way it is either.
> least you can now compare your rules with the rules generated by
> SuSEfirewall and adapt Sfw2 to your needs.
Perhaps. I guess I will keep hacking at it until it works (or SuSE releases
another version (whichever comes first)).
--
Sebastian J. Bronner
waschtl@sbronner.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic