Suse Firewall 2.6
Hi everyone,

After upgrading to 7.0 the Suse firewall was also upgraded to 2.6 and after adjusting to what I thought to be secure I started to get the following deny errors.

Oct 13 09:24:18 isguzar kernel: Packet log: output DENY ppp0 PROTO=1 212.57.4.190:3 212.57.1.12:3 L=134 S=0xC0 I=2912 F=0x0000 T=255 (#3)
Oct 13 09:24:19 isguzar kernel: Packet log: output DENY ppp0 PROTO=1 212.57.4.190:3 63.102.200.2:3 L=247 S=0xC0 I=2924 F=0x0000 T=255 (#3)
Oct 13 09:24:19 isguzar kernel: Packet log: output DENY ppp0 PROTO=1 212.57.4.190:3 63.102.200.2:3 L=247 S=0xC0 I=2925 F=0x0000 T=255 (#3)

In my named.conf file 63.102.200.2 and 212.57.1.12 are used as forwarders. Do I define these under trusted nets or some other place in the SuSE firewall config file?

Thanks in advance

--
Togan Muftuoglu toganm@turk.net
100% MS FREE
Absolutely no component of Microsoft was used in the generation or posting of this e-mail. So it is virus free

Hi everyone,

Well, I want to be on the paranoid side and deny the ICMP requests. But my question still remains unanswered (from my POV): where and how do I define the two DNS forwarders in the "SuSEfirewall script"? If I take out the forward first option from the named.conf I do not get these messages, but this is not the solution I am looking for.

In my named.conf file 63.102.200.2 and 212.57.1.12 are used as forwarders. Do I define these under trusted nets or some other place in the SuSE firewall config file?

Thanks in advance

--
Togan Muftuoglu toganm@turk.net
100% MS FREE
Absolutely no component of Microsoft was used in the generation or posting of this e-mail. So it is virus free

in that case, you want to create the following rules:

ipchains -A input -b -p tcp -d 63.102.200.2/32 --destination-port domain -j ACCEPT
ipchains -A input -b -p tcp -d 212.57.1.12/32 --destination-port domain -j ACCEPT
ipchains -A output -p tcp -d 63.102.200.2/32 --destination-port domain -j ACCEPT
ipchains -A output -p tcp -d 212.57.1.12/32 --destination-port domain -j ACCEPT

this will allow domain requests to the two dns servers and allow receival of their responses.

madduck@madduck.net
(greetings from the heart of the sun)

Participants (2): MaD dUCK, Togan Muftuoglu
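
Added example, not part of the original thread: a small Python parser for the ipchains "Packet log:" lines quoted in the first message. In this log format the number after each address is a port for TCP/UDP but the ICMP type (source side) and ICMP code (destination side) when PROTO=1, so the quoted lines decode as outbound ICMP type 3, code 3 (destination unreachable, port unreachable). The function names and the third sample line are assumptions made for the illustration.

```python
import re
from collections import Counter

# Linux 2.2 ipchains log layout: chain, action, interface, protocol number,
# src:X dst:Y, then L= S= I= F= T= and the number of the matching rule.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<a>\d+) (?P<dst>[\d.]+):(?P<b>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+)"
    r".*?\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}
UNREACH_CODES = {0: "net-unreachable", 1: "host-unreachable",
                 2: "protocol-unreachable", 3: "port-unreachable"}

def parse_line(line):
    """Return a dict for one ipchains log line, or None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto, a, b = int(m["proto"]), int(m["a"]), int(m["b"])
    rec = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "proto": PROTO_NAMES.get(proto, str(proto)),
           "src": m["src"], "dst": m["dst"], "rule": int(m["rule"])}
    if proto == 1:
        # ICMP: the ":n" fields carry type and code, not ports.
        rec["icmp_type"] = ICMP_TYPES.get(a, str(a))
        rec["icmp_code"] = UNREACH_CODES.get(b, str(b)) if a == 3 else str(b)
    else:
        rec["sport"], rec["dport"] = a, b
    return rec

def summarize(lines):
    """Count matching log lines by (chain, action, protocol detail, destination)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        detail = (f"icmp {rec['icmp_type']}/{rec['icmp_code']}" if rec["proto"] == "icmp"
                  else f"{rec['proto']} dport {rec['dport']}")
        counts[(rec["chain"], rec["action"], detail, rec["dst"])] += 1
    return counts

# The first two lines are copied from the first post; the third is constructed for contrast.
SAMPLE = [
    "Oct 13 09:24:18 isguzar kernel: Packet log: output DENY ppp0 PROTO=1 212.57.4.190:3 212.57.1.12:3 L=134 S=0xC0 I=2912 F=0x0000 T=255 (#3)",
    "Oct 13 09:24:19 isguzar kernel: Packet log: output DENY ppp0 PROTO=1 212.57.4.190:3 63.102.200.2:3 L=247 S=0xC0 I=2924 F=0x0000 T=255 (#3)",
    "Oct 13 09:30:00 examplehost kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.53:53 198.51.100.7:1030 L=120 S=0x00 I=4100 F=0x0000 T=57 (#5)",
]
```

Calling `summarize()` on a saved copy of the kernel log groups the denied packets by chain, protocol detail and destination, which shows at a glance which traffic a given rule number is dropping.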