* Kurt Minder;
1.) Does the FW_SERVICE_DMZ open only a connection from DEV_EXT to DEV_DMZ? Because when I want to access the DMZ from internal I have to use the FW_FORWARD statement.
My understanding is as which ports coming from the DMZ to the FIREWALL machine are ACCEPTED (hence the need for FW_FORWARD rules to allow access to the services offered in the DMZ).
2.) A question to the notation
# A forwarding rule consists of 1) source IP/net and 2) destination IP
# seperated by a comma. e.g. "1.1.1.1,2.2.2.2 3.3.3.3/16,4.4.4.4/24"
# Optional is a protocol, seperated by a comma, e.g. "5.5.5.5,6.6.6.6,igmp"
# Optional is a port after the protocol with a comma, e.g. "0/0,0/0,udp,514"
When I leave away protocol and port what is (or should) open then?
I would say wide open. By defining TCP/UDP/IGMP you are limiting the protocols that are allowed; when you add the port number, then only the protocol along with the matching port is allowed.
--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
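
An added example, not part of the original thread or of SuSEfirewall2: a small audit of an FW_FORWARD value in the notation quoted above, listing the rules that carry no protocol or no port. It assumes the reading given in the reply (no protocol and port means the rule is wide open); the names `ForwardRule`, `parse_fw_forward` and `audit` are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the four example rules from the quoted comments.
SAMPLE = "1.1.1.1,2.2.2.2 3.3.3.3/16,4.4.4.4/24 5.5.5.5,6.6.6.6,igmp 0/0,0/0,udp,514"

@dataclass
class ForwardRule:
    source: str
    destination: str
    protocol: Optional[str] = None
    port: Optional[str] = None

    def scope(self) -> str:
        """Describe what the rule lets through (assumption: the reply's reading)."""
        if self.protocol is None:
            return "all protocols, all ports"
        if self.port is None:
            return f"{self.protocol}, no port restriction"
        return f"{self.protocol} port {self.port}"

def parse_fw_forward(value: str) -> List[ForwardRule]:
    """Split a space-separated FW_FORWARD value into its comma-separated rules."""
    rules = []
    for entry in value.split():
        fields = entry.split(",")
        if not 2 <= len(fields) <= 4 or not all(fields):
            raise ValueError(f"malformed forwarding rule: {entry!r}")
        rules.append(ForwardRule(*fields))
    return rules

def audit(value: str) -> List[str]:
    """Return one finding per rule that is broader than protocol plus port."""
    findings = []
    for rule in parse_fw_forward(value):
        unrestricted = rule.protocol is None or (
            rule.port is None and rule.protocol.lower() in ("tcp", "udp"))
        if unrestricted:
            findings.append(f"{rule.source} -> {rule.destination}: {rule.scope()}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```

Each reported rule is a candidate for tightening to an explicit protocol and port.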