----- Original Message -----
From: "Miguel Albuquerque"
On Sun, 2003-02-09 at 17:09, T. Ermlich wrote:
maybe I misunderstood the SuSEfirewall2 descriptions, but how to open a protocol? Ports are opened e.g. by the lines
FW_SERVICES_EXT_TCP="..."
FW_SERVICES_EXT_UDP="..."
But how to handle protocols?
[snipped from /etc/SuSEfirewall2]
# Choice: leave empty or any number of ports, known portnames (from
# /etc/services) and port ranges seperated by a space. Port ranges are
# written like this: allow port 1 to 10 -> "1:10"
# e.g. "", "smtp", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
[snip]
ie.:
FW_SERVICES_EXT_TCP="http ftp pop3 smtp ssh 10000" # Common: domain
FW_SERVICES_EXT_UDP="domain" # Common: domain
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP=""
Peace.
-- "The Man, he is not; he becomes." - NEHER.
e-SecureNet
We Run SuSE
Project Manager
*The LINUX Experts*
c/o Miguel Albuquerque
Av. Miremont 46
1202 - GE, SWITZERLAND
NATEL 079 543 1935
http://counter.li.org Linux user #301007
mailto:mfoacs@e-workshop.ch
http://mfoacs.e-workshop.ch
----------------------------------------------------------------
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
Hi again,
maybe I'm too stupid ....... but isn't there a difference between ports & protocols? I thought I understood iptables, but your reply shows me I didn't. Here's an example:
/usr/sbin/iptables -A INPUT -s 192.168.0.25 -d 64.65.66.67 -p udp --dport 500 -j ACCEPT
/usr/sbin/iptables -A INPUT -s 192.168.0.25 -d 64.65.66.67 -p 50 -j ACCEPT
Line 1 is related to udp port 500, while line 2 is related to protocol 50. Or am I totally wrong?????
c y
Torsten
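
The port/protocol distinction from the last message, as an added example that is not part of the thread and not SuSEfirewall2's own code: the script validates each entry and prints the iptables match it stands for, so a port entry always sits under `-p tcp` or `-p udp` while an `FW_SERVICES_EXT_IP` entry names an IP protocol and carries no port. The variable values are constructed to mirror the two iptables lines above, and the mapping and limits (ports 1-65535, protocol numbers 0-255) are assumptions of this example.

```shell
#!/bin/sh
# Added illustration: prints match specifications only, never calls iptables.

# Constructed sample values (UDP port 500 and IP protocol 50, as in the mail).
FW_SERVICES_EXT_TCP="ssh 3200:3299"
FW_SERVICES_EXT_UDP="500"
FW_SERVICES_EXT_IP="50"

valid_num() {    # valid_num VALUE MIN MAX: decimal digits within [MIN, MAX]
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

valid_name() {   # service or protocol name as found in /etc/services etc.
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

valid_port() {   # a name, a single port, or a range written "lo:hi"
    case "$1" in
        *:*) lo=${1%%:*}; hi=${1#*:}
             valid_num "$lo" 1 65535 && valid_num "$hi" 1 65535 &&
                 [ "$lo" -le "$hi" ] ;;
        *[!0-9]*) valid_name "$1" ;;
        *) valid_num "$1" 1 65535 ;;
    esac
}

valid_proto() {  # an IP protocol name or number: there is no port here
    case "$1" in
        *[!0-9]*) valid_name "$1" ;;
        *) valid_num "$1" 0 255 ;;
    esac
}

# fw_matches: one match spec per entry on stdout; bad entries go to stderr
# and make the function return 1.
fw_matches() (
    set -f       # split the lists on whitespace without filename expansion
    rc=0
    for e in $FW_SERVICES_EXT_TCP; do
        if valid_port "$e"; then echo "-p tcp --dport $e"
        else echo "bad TCP entry: $e" >&2; rc=1; fi
    done
    for e in $FW_SERVICES_EXT_UDP; do
        if valid_port "$e"; then echo "-p udp --dport $e"
        else echo "bad UDP entry: $e" >&2; rc=1; fi
    done
    for e in $FW_SERVICES_EXT_IP; do
        if valid_proto "$e"; then echo "-p $e"
        else echo "bad IP protocol entry: $e" >&2; rc=1; fi
    done
    exit $rc
)

fw_matches
```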