3 Apr 2011 14:05
On 04/03/2011 03:32 PM, Carlos E. R. wrote:
> On Sunday, 2011-04-03 at 13:51 +0200, Malte Gell wrote:
>> Marcus Meissner wrote:
>>> FW_SERVICES_EXT_TCP="1024:65535"
>>> This would allow all ports from 1024-65535 on the external interface.
>> By the way, can I make sure these high ports are accessible only from certain IPs like 192.168.x.x? Does that need a new rule?
> You would put the range in FW_TRUSTED_NETS, I guess:
> FW_TRUSTED_NETS="192.168.0.0/16,tcp,1024:65535"
You can trust the internal LAN if you want
FW_PROTECT_FROM_INT="no"
or if you want to increase performance
FW_PROTECT_FROM_INT="notrack"

HTH
Togan
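An added example (not part of the original thread and not SuSEfirewall2's own code): a small Python audit of the three settings discussed above. It flags wide port ranges in FW_SERVICES_EXT_TCP that are open to every source, lists what each FW_TRUSTED_NETS entry may reach, and notes an unfiltered internal zone. The sample config, the function names and the 100-port threshold are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample of /etc/sysconfig/SuSEfirewall2 settings (not from a real host).
SAMPLE = '''
# FW_SERVICES_EXT_TCP="80"   (commented-out lines are ignored)
FW_SERVICES_EXT_TCP="22 1024:65535"
FW_TRUSTED_NETS="192.168.0.0/16,tcp,1024:65535 10.0.0.5,tcp,22"
FW_PROTECT_FROM_INT="no"
'''

def parse_sysconfig(text):
    """Return {NAME: value} for simple NAME="value" lines, skipping comments."""
    return dict(re.findall(r'^[ \t]*([A-Z_0-9]+)="([^"]*)"', text, re.M))

def port_count(spec):
    """Ports covered by 'N' or 'LOW:HIGH'; a service name counts as one port."""
    if ":" in spec:
        low, high = (int(p) for p in spec.split(":", 1))
        return high - low + 1
    return 1

def audit(text, max_ports=100):
    """Return (kind, source, protocol, ports) tuples describing the exposure."""
    cfg = parse_sysconfig(text)
    findings = []
    # Ranges listed here are reachable from any address on the external zone.
    for spec in cfg.get("FW_SERVICES_EXT_TCP", "").split():
        if port_count(spec) > max_ports:
            findings.append(("open-to-all", "any", "tcp", spec))
    # Entry format: network[,protocol[,port]], entries separated by spaces.
    for entry in cfg.get("FW_TRUSTED_NETS", "").split():
        net, proto, port = (entry.split(",") + ["any", "any"])[:3]
        net = str(ipaddress.ip_network(net, strict=False))
        findings.append(("trusted", net, proto, port))
    # "no" and "notrack" both leave the internal zone unfiltered.
    if cfg.get("FW_PROTECT_FROM_INT") in ("no", "notrack"):
        findings.append(("internal-unfiltered", "internal zone", "any", "any"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

With the sample above, the high-port range appears twice: once as open to everyone via FW_SERVICES_EXT_TCP and once restricted to 192.168.0.0/16 via FW_TRUSTED_NETS, so the restriction only takes effect once the range is removed from FW_SERVICES_EXT_TCP.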