On Sunday 11 February 2007 05:46, James Tremblay wrote:
> Sounds like YAST needs to be modified to modify the firewall automatically when opensuse joins a "workgroup" or Windows "domain".
When you configure the desktop machine as an smb client in yast, the firewall on that desktop needs to be appropriately modified to allow the box to be an smb client. If share browsing is a particular security problem, then an extra tickbox for this with a brief notice of what it does and how it reduces security would be good.
> In defense of the "change the interface" suggestion, most people are behind a firewall on an enterprise network and expect that system to protect them.
For any desktop box on a LAN, changing the interface to the internal zone is equivalent to uninstalling the firewall on that desktop. This should have been made clear. It's IMHO not a solution, certainly not an acceptable one. Anything else is better than that.

Isn't it sufficient for share browsing to open ports 137 to 139 (udp and/or tcp) for smb related traffic?

I was under the impression that NFS was *much* more difficult to firewall because the ports used are dynamically assigned. Yet in later SUSE versions it works impressively well, it's spot on out of the box.

Volker

--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/
Please do not CC list postings to me.