Mailinglist Archive: opensuse-bugs (9710 mails)
| < Previous | Next > |
[Bug 335811] SuSEFirewall2 should have a more human readable interface.
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Fri, 16 Nov 2007 11:01:28 -0700 (MST)
- Message-id: <20071116180128.0718624538C@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=335811#c8
Lukas Ocilka <locilka@xxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |WONTFIX
--- Comment #8 from Lukas Ocilka <locilka@xxxxxxxxxx> 2007-11-16 11:01:27 MST
---
Anyway, I'm sorry but I have to close this request as WONTFIX because you're
requesting something that just SuSEfirewall2 can't do:
See /etc/sysconfig/SuSEfirewall2
variable 'FW_FORWARD_MASQ'
* It can't name rules (Everquest, Bittorrent2...)
* It can't forward port-ranges (nevertheless joining following ports could
be done in UI).
* It can't disable particular rules
* Protocol is either TCP or UDP but could be merged in UI too.
# Format: space separated list of
# <source network>,<ip to forward to>,<protocol>,<port>[,redirect
port,[destination ip]]
#
# Protocol must be either tcp or udp
#
# Examples: - "4.0.0.0/8,10.0.0.10,tcp,80" forward all tcp request on
# port 80 coming from the 4.0.0.0/8 network to the
# internal server 10.10.0.10
# - "4.0.0.0/8,10.0.0.10,tcp,80,81" forward all tcp request on
# port 80 coming from the 4.0.0.0/8 network to the
# internal server 10.10.0.10 on port 81
# - "200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202"
# the network 200.200.200.0/24 trying to access the
# address 202.202.202.202 on port 80 will be forwarded
# to the internal server 10.0.0.10 on port 81
#
# Note: du to inconsitent iptables behaviour only port numbers are possible but
# no service names
(https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=273)
#
FW_FORWARD_MASQ="0/0,192.168.1.107,tcp,32700 0/0,192.168.1.107,tcp,32701
0/0,192.168.1.107,tcp,32702 0/0,192.168.1.107,tcp,32703
0/0,192.168.1.107,tcp,32704 0/0,192.168.1.107,tcp,32705"
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Lukas Ocilka <locilka@xxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |WONTFIX
--- Comment #8 from Lukas Ocilka <locilka@xxxxxxxxxx> 2007-11-16 11:01:27 MST
---
Anyway, I'm sorry but I have to close this request as WONTFIX because you're
requesting something that just SuSEfirewall2 can't do:
See /etc/sysconfig/SuSEfirewall2
variable 'FW_FORWARD_MASQ'
* It can't name rules (Everquest, Bittorrent2...)
* It can't forward port-ranges (nevertheless joining following ports could
be done in UI).
* It can't disable particular rules
* Protocol is either TCP or UDP but could be merged in UI too.
# Format: space separated list of
# <source network>,<ip to forward to>,<protocol>,<port>[,redirect
port,[destination ip]]
#
# Protocol must be either tcp or udp
#
# Examples: - "4.0.0.0/8,10.0.0.10,tcp,80" forward all tcp request on
# port 80 coming from the 4.0.0.0/8 network to the
# internal server 10.10.0.10
# - "4.0.0.0/8,10.0.0.10,tcp,80,81" forward all tcp request on
# port 80 coming from the 4.0.0.0/8 network to the
# internal server 10.10.0.10 on port 81
# - "200.200.200.0/24,10.0.0.10,tcp,80,81,202.202.202.202"
# the network 200.200.200.0/24 trying to access the
# address 202.202.202.202 on port 80 will be forwarded
# to the internal server 10.0.0.10 on port 81
#
# Note: du to inconsitent iptables behaviour only port numbers are possible but
# no service names
(https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=273)
#
FW_FORWARD_MASQ="0/0,192.168.1.107,tcp,32700 0/0,192.168.1.107,tcp,32701
0/0,192.168.1.107,tcp,32702 0/0,192.168.1.107,tcp,32703
0/0,192.168.1.107,tcp,32704 0/0,192.168.1.107,tcp,32705"
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |