On Fri, Aug 30, 2002 at 09:31:18AM +0200, Thomas Gaertner wrote:
Hello,
I've some problems with the SuSEfirewall2. In my setup it allows access to ports (like telnet, mysql...) which I have NOT opened to the outside. I also use autoprotection but it does not help.
Does anyone have an idea how I get my firewall working?
[...]
# 10.)
# Which services should be accessible from trusted hosts/nets?
#
# Define trusted hosts/networks (doesn't matter if they are internal or
# external) and the TCP and/or UDP services they are allowed to use.
#
# Choice: leave FW_TRUSTED_NETS empty or any number of computers and/or
# networks, separated by a space. e.g. "172.20.1.1 172.20.0.0/16"
# Optional, enter a protocol after a comma, e.g. "1.1.1.1,icmp"
# Optional, enter a port after a protocol, e.g. "2.2.2.2,tcp,22"
#
FW_TRUSTED_NETS="141.43.23.123/16"
If I remember right, these trusted nets have *full* access to your firewall. If you tested your firewall from one of these IPs, you certainly haven't tested all your external rules. Besides, I wouldn't trust so many hosts.

-- 
Michel Messerschmidt
9messers@informatik.uni-hamburg.de
http://www.michel-messerschmidt.de
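
Added example, not part of the original thread and not SuSEfirewall2 code: a small Python check that expands each FW_TRUSTED_NETS entry to the network it actually covers and reports whether a given test source address falls inside it. It assumes, as the reply recalls, that an entry with no protocol or port restricts nothing; the function names and the test source addresses are constructed for illustration.

```python
import ipaddress

def parse_trusted_nets(value):
    """Split a FW_TRUSTED_NETS string into entries of the form net[,proto[,port]]."""
    entries = []
    for item in value.split():
        fields = item.split(",")
        iface = ipaddress.ip_interface(fields[0])  # accepts host bits, e.g. 141.43.23.123/16
        entries.append({
            "entry": item,
            "network": iface.network,
            # True when the address written is not the network address itself,
            # i.e. the mask silently widens a single host to a whole range.
            "host_bits_set": iface.ip != iface.network.network_address,
            "proto": fields[1] if len(fields) > 1 else None,
            "port": fields[2] if len(fields) > 2 else None,
        })
    return entries

def audit(value, test_source):
    """Report the reach of each entry and whether test_source is covered by it."""
    src = ipaddress.ip_address(test_source)
    findings = []
    for e in parse_trusted_nets(value):
        findings.append({
            "entry": e["entry"],
            "network": str(e["network"]),
            "addresses": e["network"].num_addresses,
            "host_bits_set": e["host_bits_set"],
            # Assumption from the reply: no protocol given means no restriction.
            "unrestricted": e["proto"] is None,
            "covers_test_source": src in e["network"],
        })
    return findings

if __name__ == "__main__":
    # Value from the posted configuration; the test source address is constructed.
    for f in audit("141.43.23.123/16", "141.43.200.7"):
        print(f)
```

A finding with both unrestricted and covers_test_source set means a scan from that address says nothing about the rules applied to untrusted sources.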