Re: [suse-security] How to open a protocol with SuSEfirewall2

9 Feb 2003


      ----- Original Message ----- 
From: "Miguel Albuquerque" 
To: 
Sent: Sunday, February 09, 2003 5:48 PM
Subject: Re: [suse-security] How to open a protocol with SuSEfirewall2
...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, 2003-02-09 at 17:09, T. Ermlich wrote:
...
maybe I misunderstood the SuSEfirewall2 describtions, but how to open
a protocol?
Ports are opened eg. by the lines
FW_SERVICES_EXT_TCP="..."
FW_SERVICES_EXT_UDP="..."
But how to handle protocols?
[sniped from /etc/SuSEfirewall2]
# Choice: leave empty or any number of ports, known portnames (from
# /etc/services) and port ranges seperated by a space. Port ranges are
# written like this: allow port 1 to 10 -> "1:10"
# e.g. "", "smtp", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number
("2")
[snip]
ie.:
FW_SERVICES_EXT_TCP="http ftp pop3 smtp ssh 10000"
# Common: domain
FW_SERVICES_EXT_UDP="domain"
# Common: domain
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP=""
Peace.
-- 
"The Man, he is not; he becomes." - NEHER.
.-.                             e-SecureNet
    /v\      We Run SuSE            Project Manager
   // \\  *The LINUX Experts*       c/o Miguel Albuquerque
  /(   )\                           Av. Miremont 46
   ^^-^^                            1202 - GE, SWITZERLAND
                                    NATEL 079 543 1935
http://counter.li.org             Linux user #301007
mailto:mfoacs@e-workshop.ch         http://mfoacs.e-workshop.ch
----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Gnome PGP version 0.4
iD8DBQE+RoYYlhxWYRfZRJQRAoDYAJ9QDiV58Ib0dc0ZIkP0vRQhydEfFQCffinn
qwIdCcJCvQn3/6ZfdF5rrB8=
=o1iU
-----END PGP SIGNATURE-----
-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
Hi again,

maybe I'm too stupid ....... but isn't there a difference between ports &
protocols?
I thought I understood iptables, but you're reply shows me I didn't.
Here's an example:
    /usr/sbin/iptables -A INPUT -s 192.168.0.25 -d 64.65.66.67 -p
udp --dport 500 -j ACCEPT
    /usr/sbin/iptables -A INPUT -s 192.168.0.25 -d 64.65.66.67 -p 50 -j
ACCEPT
Line 1 is related udp port 500, while line 2 is related to protocol 50.
Or am I totally wrong?????

c y
Torsten