[SLE] [Security - intern] new SuSEfirewall version (beta) (fwd)

Hi, JFYI! Bye, LenZ -- ------------------------------------------------------------------ Lenz Grimmer SuSE GmbH mailto:grimmer@suse.de Schanzaeckerstr. 10 http://www.suse.de/~grimmer 90443 Nuernberg, Germany ---------- Forwarded message ---------- Date: Mon, 24 Jan 2000 20:15:32 +0100 (MET) From: Marc Heuse Reply-To: security@suse.de To: suse-security@suse.com, security@suse.de Cc: security@suse.de Subject: [Security - intern] new SuSEfirewall version (beta) Hi folks! Much much work have been put into the new version of SuSEfirewall-1.9. This will be (hopefully) the last beta before the official v2.0 rpm update. So please, everyone who has got time and pleasure, check this beast out. You'll have to re-edit the rc.firewall, because variable names were changed. You can find it at http://www.suse.de/~marc (might take some hours until it's available on the webserver) Local SuSE guys can find the package at ~marc/public/SuSEfirewall-1.9.tar.gz What has changed? Many things: CHANGES v1.9 24.01.00 (beta version) * If an error occurs, firewall rules will be reset now! (plus msg print) * Added support for a DMZ in rc.firewall (FW_DEV_DMZ, FW_ALLOW_PING_DMZ) * Restructured rc.firewall and renamed some variables !!! * Moved code from "firewall" to "SuSEfirewall close" * Cleaned up the "firewall" init.d script * Removed empty lines in the error output * Now aliased interfaces should be supported ("eth0:1"). Please test. * Plugged a hole where FW_LOCALNETS could access any port on the firewall from the internal network even if they should not. * New file: EXAMPLES - shows example setup and configurations! * New file: HOLES - these "vulnerabilities" exist when using this tool * New executable: openports - checks which ports are accessible, provided by Andi Kleen - thanks! * New option "SuSEfirewall -h" which shows commandline options * New option "SuSEfirewall check" which runs openports queries. * Now first rc.config will be loaded, then rc.firewall, to prevent problems for people who have the old "firewall.rpm" installed. * Karl did a spell check on the german and english textfile. Big, big thanks! Greets, Marc -- Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: marc@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/