Hi,
I've been upgrading to Firewall 1.8 and had a problem within SuSEfirewall itself. It appears to wedge under SuSE 6.2 on an ipchains DENY for IP@ppp0 which happens to be my dynamic dialup IP.
This happens in the IP Spoofing & Circumventrion [sic] section where there is a for j in $DEV_INT_NET $FW_LOCALNETS; do $IPCHAINS -A input -j "$DENY" -i $i -s $j $LDC done
It wedges on $FW_LOCALNETS which is set to IP@ppp0.
Omitting $FW_LOCALNETS allows the script to run to completion and the firewall to be "set up". I don't (yet) understand what is trying to be achieved in this particular section of code. I especially don't understand why ipchains would wedge. Perhaps it's because there is no DNS as such on the firewall.
I'm also getting other warnings about ipchains not understanding IP@ppp0.
Have I messed up the rc.firewall configuration?
YES! ;-) FW_LOCALNETS are networks in your internal LAN which should be allowed to access the internet via masquerading. don't put any ip addresses of the firewall there. Greets, Marc -- Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: marc@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C