Mailinglist Archive: opensuse-factory (293 mails)

< Previous Next >
Re: [opensuse-factory] SPAM: Warning! SuseFirewall2 by default allow any port for INCOMING!
  • From: jdd <jdd@xxxxxxxxx>
  • Date: Thu, 20 Jul 2006 14:13:19 +0200
  • Message-id: <44BF735F.2030202@xxxxxxxxx>
Kenneth Schneider wrote:
On Wed, 2006-07-19 at 23:08 -0700, The Nice Spider wrote:

let's me tell you in these steps (sorry for my bad
english):
1. I have 2 NIC: 1 internal and 1 external. the
external is using public IP.
2. on yast, i check masquerading
3. external and internal allowed service ONLY listed:
http
4. but my clients can access any outside POP/SMTP
server (including yahoo using Ypops in their local PC), and maybe many others
services.



If you want to control _outbound_ access look into using squid, that is
what it was designed for. The firewall is designed mainly for _inbound_
access control.

and here, inbound mean the inside of the server itself (hence the http for external _and_ internal branches of the network)

usually any call from the internal branch of the net is accepted (natted) and any answer to it.

jdd


--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory-unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory-help@xxxxxxxxxxxx

< Previous Next >
Follow Ups