On Fri, 30 Aug 2002, Thomas Gaertner wrote:
I've some problems with the SuSEfirewall2. In my setup it allows access to ports (like telnet, mysql...) which I have NOT opened to the outside. I also use autoprotection but it does not help.
Are you clear why you wrote these entries in section 9? They seem to open up a lot of 'external' ports. This is not the cause of your problem but it concerns me a little.
# 9.)
# Which services ON THE FIREWALL should be accessible from either the internet
# (or other untrusted networks), the dmz or internal (trusted networks)?
FW_SERVICES_EXT_TCP="domain 22 talk ntalk 3000 6105 6106" # Common: domain
FW_SERVICES_EXT_UDP="domain talk ntalk 3000 6105 6106" # Common: domain
Try to write for yourself a short definition of the purpose of your firewall - the little text diagrams that some people send to the list are always helpful for troubleshooters too - see which diagram in /usr/share/doc/packages/SuSEfirewall2/EXAMPLES best matches your plan. If you are still stuck, share your progress with the list -- but don't put the fw into production until you are comfortable :-)

dproc
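One way to review what the section 9 lines quoted above expose, as an added example that is not part of the original message or of SuSEfirewall2: it expands each entry of FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP to a protocol and port. The function names `resolve_port`, `list_ext_services` and `demo` are hypothetical, and the services table is constructed sample data in /etc/services format.

```shell
# List what FW_SERVICES_EXT_TCP/UDP in a SuSEfirewall2 config expose.
# Output: "<proto> <port> <entry as written>", one line per entry.

# Look up a service name (or alias) in an /etc/services-format file.
resolve_port() {  # $1=name $2=proto $3=services file
    awk -v n="$1" -v p="$2" '
        { sub(/#.*/, "") }                          # drop comments
        NF >= 2 && $2 ~ ("/" p "$") {
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == n) { split($2, a, "/"); print a[1]; exit }
        }' "$3"
}

list_ext_services() {  # $1=config file, $2=services file (default /etc/services)
    conf=$1; services=${2:-/etc/services}
    for proto in TCP UDP; do
        # Quoted value of the last uncommented assignment for this protocol.
        value=$(sed -n "s/^[[:space:]]*FW_SERVICES_EXT_${proto}=\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1)
        p=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
        for entry in $value; do
            case $entry in
                *[!0-9:]*) port=$(resolve_port "$entry" "$p" "$services")
                           [ -n "$port" ] || port="UNRESOLVED" ;;
                *)         port=$entry ;;   # digits and ':' pass through as written
            esac
            echo "$p $port $entry"
        done
    done
}

# Constructed sample: the two lines from the message and a minimal services table.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/SuSEfirewall2" <<'EOF'
FW_SERVICES_EXT_TCP="domain 22 talk ntalk 3000 6105 6106" # Common: domain
FW_SERVICES_EXT_UDP="domain talk ntalk 3000 6105 6106" # Common: domain
EOF
    cat > "$dir/services" <<'EOF'
domain  53/tcp
domain  53/udp
talk    517/tcp
talk    517/udp
ntalk   518/tcp
ntalk   518/udp
EOF
    list_ext_services "$dir/SuSEfirewall2" "$dir/services"
    rm -rf "$dir"
}
demo
```

Each output line is a service on the firewall host reachable from the external side; an `UNRESOLVED` entry is a name the services file does not define for that protocol.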