Re: [opensuse-security] SuSEfirewall2 and opening high ports

On 04/03/2011 03:32 PM, Carlos E. R. wrote:

On Sunday, 2011-04-03 at 13:51 +0200, Malte Gell wrote:

...

Marcus Meissner wrote

...

...

FW_SERVICES_EXT_TCP="1024:65535"

This would allow all ports from 1024-65535 on the external interface.

...

By the way, can I make sure these high ports are accessible only from certain IPs like 192.168.x.x? Does that need a new rule?

You would put the range in FW_TRUSTED_NETS, I guess:

FW_TRUSTED_NETS="192.168.0.0/16,tcp,1024:65535"

You can trust the internal lan if you want FW_PROTECT_FROM_INT="no" or if you want to increase performance FW_PROTECT_FROM_INT="notrack" HTH Togan -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org