* Robbert Eggermont;
However, when I enable SuSEfirewall2 for this system (using YaST), the firewall (/etc/rc.d/rc5.d/S01SuSEfirewall2_init) blocks ("destination unreachable") all {dns, smb, nfs, nis} traffic until (S14SuSEfirewall2_setup) *after* the {smbfs, nfs, ypbind} services are started...
I'm wondering if the above functionality is by design, and if so, why?
yes by design. If you look to section 1.3 Techical background, you will see that SuSEfirewall2_init calls close function. I think the idea is until all services are setup close any incoming connection attempts. That is why after setup stage the final stage comes. So SuSEfirewall2 runs actualy 3 times before your actual protection is underway. Note that during the init stage trafic generated by the computer is allowed to pass. -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum