Mailinglist Archive: opensuse-security (256 mails)
| < Previous | Next > |
Re: [suse-security] How to replace FW_ALLOW_INCOMING_HIGHPORTS_UDP?
- From: Paul Elliott <pelliott@xxxxxx>
- Date: Fri, 4 Feb 2005 19:47:47 -0600
- Message-id: <20050205014747.GA18154@xxxxxx>
On Fri, Feb 04, 2005 at 01:06:36PM +0100, Markus Feilner wrote:
> Well, you can user a custom script and add your own rules - learning
> this will provide you with the ability to allow/forbid any
> service/traffic you like, independent from SuSEfirewall's
> capabilities...
> But I would advise you to use a local caching-only dns server - setup is
> very easy with suse - it's in the handbook. then open dns ports on your
> server to the internal net and that's it. The advantages are (a little)
> fewer dialups, probably faster dns name resolution, and one type of
> connection less from your internal Pcs to the internet. Furthermore,
> you can control the dns-resolution centrally.
> Did that help?
Does this mean that there is no easy way with SuSEfirewall2, to
allow hosts on the internal network to use specific dns servers
on the external network?
--
Paul Elliott 1(512)837-1096
pelliott@xxxxxx PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
> Well, you can user a custom script and add your own rules - learning
> this will provide you with the ability to allow/forbid any
> service/traffic you like, independent from SuSEfirewall's
> capabilities...
> But I would advise you to use a local caching-only dns server - setup is
> very easy with suse - it's in the handbook. then open dns ports on your
> server to the internal net and that's it. The advantages are (a little)
> fewer dialups, probably faster dns name resolution, and one type of
> connection less from your internal Pcs to the internet. Furthermore,
> you can control the dns-resolution centrally.
> Did that help?
Does this mean that there is no easy way with SuSEfirewall2, to
allow hosts on the internal network to use specific dns servers
on the external network?
--
Paul Elliott 1(512)837-1096
pelliott@xxxxxx PMB 181, 11900 Metric Blvd Suite J
http://www.io.com/~pelliott/pme/ Austin TX 78758-3117
| < Previous | Next > |