SuSEfirewall(1) and SuSEfirewall2

Hi folks! I am happy to announce that SuSEfirewall2 is now ready for world-wide realiable beta/gamma testing! The code is much more secure than SuSEfirewall(1) because of the change in code and possibilies, and now with the newest 2.4 kernel version the firewall code seems finally to be reliable. So everyone: now is the best time to change from SuSEfirwall to SuSEfirewall2 for better security and faster rule chains. btw if you sometimes change between SuSEfirewall(1) and 2 because you use both, 2.2 and 2.4 kernels, just install SuSEfirewall-4.7 - and SuSEfirewall will start only in 2.2 mode and if in 2.4 mode SuSEfirewall2 is not configured to run. For harden_suse users: download v3.4 for use with SuSE 7.2. Changelog for SuSEfirewall2 1.0: v1.0 10.06.01 GAMMA -> believe it or not - v1.0 is ready to go and should work perfectly for everyone! :-) * Added the new ip-up script which supports SuSE-personalfirewall, SuSEfirewall(1) and SuSEfirewall2 * Added a patch by , which fixes some error checking - thanks! * Added loading of a kernel module which is necessary for active ftp (thanks to christian.ernst@informatik.fh-hamburg.de) * Added support for devices with no broadcast address (e.g. ipsec stuff) * Autoprotecting mode supports ipv6 global bindings (:::1) now * Fixed a bug in the UDP autoprotecting mode support * Removed TOS stuff for ICMP - resulted in no ping packets being sent. Seems to be a kernel bug :-( netfilter still sucks ... * Updated the documentation * Added bootp config support for interfaces * Added a small README and a converted EXAMPLES file Changelog for SuSEfirewall 4.7: v4.7 .06.01 (gamma release) * added auto service detection for IPv6 services * added support for ipsec and other devices without a broadcast address * if running with a 2.4 kernel, the boot scripts check if SuSEfirewall2 is installed and won't run if detected. This provides you with optimal security and transparent SuSEfirewall* support! :-) Changelog for harden_suse: v3.4 10.06.01 (gamma release) * wont disable some special SuSE 7.2 stuff: CRYPTO_FILESYSTEMS IDLED, POWERTWEAKD, PPTPD, IJB, IPPL, ARGUS, etc. v3.3 06.05.01 (gamma release) * wont disable SNORT, ADSL, NESSUSD and many many other things now which either do not affect security or are security daemons * added LICENCE file (required by SuSE policy) * added special warning about tcp wrapper setup and it effects on sshd v3.2 07.04.01 (gamma release) * added MD5 passwords * changed the undo script creation, after running undo, the log and undo files are not deleted but renamed Greets, Marc -- E@mail: marc@suse.de Function: Security Research and Advisory PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C Private: http://www.suse.de/~marc SuSE: http://www.suse.de/security