Lørdag 17 januar 2004 00:19 skrev Dylan:
On Friday 16 January 2004 23:13 pm, yep@osterbo-net.dk wrote:
Fredag 16 januar 2004 23:43 skrev Togan Muftuoglu:
* yep@osterbo-net.dk;
on 16 Jan, 2004 wrote: Fredag 16 januar 2004 17:02 skrev yep@osterbo-net.dk:
What is needed to fix in connection with SuSEfirewall to get whois working ??
Johan
btw example entry from /var/log/messages
Jan 16 21:29:57 Beast kernel: SuSE-FW-OUT-IPv6_PROHIB IN= OUT=eth0 SRC=fe80:0000:0000:0000:02e0:18ff:fe98:2c0f DST=2001:0610:0240:0000:0193:0000:0000:0202 LEN=80 TC=0 HOPLIMIT=64 FLOWLBL=0 PROTO=TC P SPT=23463 DPT=43 WINDOW=5760 RES=0x00 SYN URGP=0 OPT (020405A00402080A06BD8B110000000001030300)
According to the SuSEfirewall2 this is normal
# Drop all until IPv6 is really supported
test -z "$LDC" -o -z "$LDA" && $IP6TABLES -A INPUT -j LOG ${LOG}"-IN-IPv6_PROHIB " $IP6TABLES -A INPUT -j "$DROP" test -z "$LDC" -o -z "$LDA" && $IP6TABLES -A OUTPUT -j LOG ${LOG}"-OUT-IPv6_PROHIB " $IP6TABLES -A OUTPUT -j "$DROP"
Ah SuSE is doing a little "we know what" is best for you" ..... Looks like there should be a couple more "boxes" for some selection/ de-selection in Yast in that area (hint you to you SuSE-guys - meaning that you can always bring the options to the table just have them selected as a standard then people can change to something non-standard)
Now if I "hash" (#) those lines out or ... change the drop to an accept the whois should work again (and the PROHIB to ALLOW).
My problem as a network-n00b is .... do I open up for a lot of $hit or just ipv6 services in general ......
Are you sure you need ipv6 at all? Are you running or connected to an ipv6 network? Since you describe yourself as a network "n00b" I'd guess not. And I certainly wouldn't want to be fiddling in the SuSEFirewall2 script without being sure what I was doing.
Dylan
No ... but the thing is I want whois running and according to the output of the firewall something has to change. My question again is where can I change it in YAST if at all (running SuSE 9.0 PRO btw). Or would I get of easier of the hook if I only used the FW_quick options ?? Johan
Johan
So this is normal --
Togan Muftuoglu Unofficial SuSE FAQ Maintainer Please reply to the list; http://susefaq.sf.net Please don't CC me.
-- "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin