Re: [suse-security] SuSEfirewall(1) and SuSEfirewall2

Hi Everybody, where can we find the beta for download? Regards, Daniel On Sun, 10 Jun 2001, StarTux wrote:

Date: Sun, 10 Jun 2001 15:12:24 -0700 From: StarTux To: Marc Heuse Cc: suse-security@suse.com Subject: Re: [suse-security] SuSEfirewall(1) and SuSEfirewall2

Marc Heuse wrote:

...

Hi folks!

I am happy to announce that SuSEfirewall2 is now ready for world-wide realiable beta/gamma testing! The code is much more secure than SuSEfirewall(1) because of the change in code and possibilies, and now with the newest 2.4 kernel version the firewall code seems finally to be reliable. So everyone: now is the best time to change from SuSEfirwall to SuSEfirewall2 for better security and faster rule chains.

btw if you sometimes change between SuSEfirewall(1) and 2 because you use both, 2.2 and 2.4 kernels, just install SuSEfirewall-4.7 - and SuSEfirewall will start only in 2.2 mode and if in 2.4 mode SuSEfirewall2 is not configured to run.

For harden_suse users: download v3.4 for use with SuSE 7.2.

Changelog for SuSEfirewall2 1.0: v1.0 10.06.01 GAMMA -> believe it or not - v1.0 is ready to go and should work perfectly for everyone! :-) * Added the new ip-up script which supports SuSE-personalfirewall, SuSEfirewall(1) and SuSEfirewall2 * Added a patch by , which fixes some error checking - thanks! * Added loading of a kernel module which is necessary for active ftp (thanks to christian.ernst@informatik.fh-hamburg.de) * Added support for devices with no broadcast address (e.g. ipsec stuff) * Autoprotecting mode supports ipv6 global bindings (:::1) now * Fixed a bug in the UDP autoprotecting mode support * Removed TOS stuff for ICMP - resulted in no ping packets being sent. Seems to be a kernel bug :-( netfilter still sucks ... * Updated the documentation * Added bootp config support for interfaces * Added a small README and a converted EXAMPLES file

Changelog for SuSEfirewall 4.7: v4.7 .06.01 (gamma release) * added auto service detection for IPv6 services * added support for ipsec and other devices without a broadcast address * if running with a 2.4 kernel, the boot scripts check if SuSEfirewall2 is installed and won't run if detected. This provides you with optimal security and transparent SuSEfirewall* support! :-)

Changelog for harden_suse: v3.4 10.06.01 (gamma release) * wont disable some special SuSE 7.2 stuff: CRYPTO_FILESYSTEMS IDLED, POWERTWEAKD, PPTPD, IJB, IPPL, ARGUS, etc.

v3.3 06.05.01 (gamma release) * wont disable SNORT, ADSL, NESSUSD and many many other things now which either do not affect security or are security daemons * added LICENCE file (required by SuSE policy) * added special warning about tcp wrapper setup and it effects on sshd

v3.2 07.04.01 (gamma release) * added MD5 passwords * changed the undo script creation, after running undo, the log and undo files are not deleted but renamed

Greets, Marc -- E@mail: marc@suse.de Function: Security Research and Advisory PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C Private: http://www.suse.de/~marc SuSE: http://www.suse.de/security

Thanks Marc!!!

Have a great weekend! I have been using SuSEfirewall2 (I knew the risks with beta) and really like it. Believe it or not data going through from the Everquest server to my wifes computer would always result in lots of disk activity on my server, but with Firewall2 this went away.

Oh yeah, when I had the cable modem guy come to install the hardware I mentioned firewalls and he said it would not work @home, of course it does and I sent him on his way with a SuSE 7.0 CD set as he needed to learn computing :-).

All those unprotected Win machines on broadband, its scary...

Matt

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com