Hi folks, I'm back from one month of vacation so it's time for some updates! With the kernel-2.4 being released I will now start to work on SuSEfirewall2 which will be for iptables. Should be available in the next days/weeks SuSEfirewall v4.3: * Added support for selective access for trusted hosts/nets. * Added bind9 support to FW_SERVICE_DNS * Fixed a bug in the FW_ALLOW_PING_DMZ function * Fixed a mini bug in SuSEfirewall where the ICMP timeexceed rate was not set. (thanks to sm@suse.de) * Added a check for /etc/resolv.conf to prevent awk error messages * Fixed many typos (thanks to the SuSE Team!) v4.2.1 01.02.01 (gamma release) -> SuSE 7.1 * Added kernel 2.4 support via ipchains modul * Changed install script to new runlevels (done by Kurt Garloff, thanks!) harden_suse v3.0: * added RUN_UPDATEDB_AS security * removed permissions.paranoia support. yes to to question 2 sets permissions to secure, a no leaves the old value * removed the ulimit settings, just core files will be prevented * added some START_ variables to ignore for SuSE 7.1 * fixed a bug where accounting and scanlogd were not enabled * fixed some output presentation stuff Please note that harden_suse was not available on SuSE Linux 7.1 - so get it as an update package. Either wait for the rpm to be available on the SuSE FTP servers, or be desperate and a nice beta tester (although I tested them and found no bugs) and download the .tar.gz balls from http://www.suse.de/~marc Greets, Marc -- Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: marc@suse.de Function: Security Research and Advisory PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C Private: http://www.suse.de/~marc SuSE: http://www.suse.de/security