Hey SuSE hackers, tell me: is there anything new in SuSEfirewall2 that solves this scenario? Shall I do it on my own using a sort of rambo approach?
FW_DEV_WORLD="eth0"
FW_DEV_WORLD_eth0="10.0.0.1 255.255.255.0"
The problem is that the configuration above configures rules for the static IP address 10.0.0.1, and when the interface goes up and gets a different IP address (DHCP) it does not work - in fact the FW does its job by filtering all packets to the latest IP address. On the other hand, when I leave FW_DEV_WORLD_eth0 empty, at boot time the FW is not initialized (prompts error at phase 2 of 3) because the DHCP client still has not set a valid IP address for eth0. So it seems that an address should be given for the FW to work properly... but I cannot give an unknown IP in advance.

This is correct, AFAIK.

The same scenario would be present when connecting with a modem to dial-up... usually before connecting you don't know your assigned IP.

With a dial-up, you need to add a line in the ifup script to start the firewall for the connection. With DHCP, it may be possible to add something to DHCP-exit hooks or the dhclient script? You might also try changing the number of the startup script to initialize the firewall AFTER it gets its info from DHCP.

HTH
Pep Serrano
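
The DHCP exit-hook idea from the thread, sketched as an added example (not part of the original messages and not SuSE's own script). It assumes ISC dhclient, whose dhclient-script sources /etc/dhclient-exit-hooks with $reason, $interface, $old_ip_address and $new_ip_address set, and that re-running /sbin/SuSEfirewall2 start rebuilds the rules for the current address; FW_IFACE, FW_RELOAD_CMD and the function names are made up for this example.

```shell
# Body for /etc/dhclient-exit-hooks (sourced by dhclient-script, so no "exit" here).
# FW_IFACE and FW_RELOAD_CMD are hypothetical knobs for this example.
FW_IFACE="${FW_IFACE:-eth0}"
FW_RELOAD_CMD="${FW_RELOAD_CMD:-/sbin/SuSEfirewall2 start}"

# Return 0 only when the lease event gave the external interface an address
# the current rules were not built for.
# $1=reason  $2=interface  $3=old address  $4=new address
fw_reload_needed() {
    [ "$2" = "$FW_IFACE" ] || return 1
    case "$1" in
        BOUND|REBOOT)
            # First lease after link-up or reboot: rules must be built now.
            [ -n "$4" ] ;;
        RENEW|REBIND)
            # Periodic renewals usually keep the address; reload only on change
            # so the filter is not torn down and rebuilt for nothing.
            [ -n "$4" ] && [ "$3" != "$4" ] ;;
        *)
            # EXPIRE, FAIL, RELEASE, STOP, ...: leave the existing rules alone.
            return 1 ;;
    esac
}

# Log the transition and rebuild the rules when needed.
fw_dhcp_hook() {
    if fw_reload_needed "$1" "$2" "$3" "$4"; then
        logger -t fw-dhcp-hook "$2: $1 ${3:-none} -> $4, reloading firewall" \
            2>/dev/null || true
        $FW_RELOAD_CMD
    fi
}

# dhclient-script has already set these variables when it sources the file;
# run by hand with nothing set, the hook does nothing.
fw_dhcp_hook "${reason:-}" "${interface:-}" "${old_ip_address:-}" "${new_ip_address:-}"
```

Leaving the rules untouched on EXPIRE or FAIL keeps the interface filtered with the old rule set instead of dropping to no rules while no lease is held.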