Mailinglist Archive: opensuse-factory (293 mails)
Re: [opensuse-factory] SPAM: Warning! SuseFirewall2 by default allow any port for INCOMING!
- From: jdd <jdd@xxxxxxxxx>
- Date: Thu, 20 Jul 2006 19:35:21 +0200
- Message-id: <44BFBED9.9070808@xxxxxxxxx>
houghi wrote:
On Thu, Jul 20, 2006 at 02:13:19PM +0200, jdd wrote:
If you want to control _outbound_ access look into using squid, that is
what it was designed for. The firewall is designed mainly for _inbound_
access control.
and here, inbound means the inside of the server itself (hence the http for external _and_ internal branches of the network)
Inbound normally means from outside of something into something. "Incoming"
is perhaps a better or easier word.
So it goes from outside of the server, into the server. Whether this is WAN
or LAN is irrelevant. It is perfectly possible to have inbound traffic
from WAN to LAN, because you need to look from the point of view of the
server.
If it is traffic generated by the server, then it is outbound. If it is traffic
for the server, then it is inbound. If the server IS the firewall, then a
connection from WAN to LAN will be both inbound and outbound. Client asks
the server for access on port 80 -> Inbound. Server passes it on to the
correct place -> Outbound.
you are correct, in essence, but we must try to stay as near as possible to the SUSE words.
I already noted that the documentation of SuSEfirewall2 is extremely ambiguous in this respect.
there, in and out are defined by the interface number (why not), but the server itself is never defined, so it's very difficult to really understand the thing.
this is very important nowadays, where VPNs make it difficult to identify what machine is in and what is out :-()
maybe I will work on this, but given my actual agenda, it's not in the near future :-(
jdd
--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory-unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory-help@xxxxxxxxxxxx