Mailinglist Archive: opensuse (4343 mails)

Re: [SLE] [SuSE 8.1] USB SpeedTouch modem user can't start SuSEfirewall2: sorry, long post !
  • From: Togan Muftuoglu <toganm@xxxxxxxxxxxx>
  • Date: Fri, 8 Nov 2002 20:41:34 +0200
  • Message-id: <20021108184134.GC26481@xxxxxxxxxxxx>
* FX Fraipont; <fxf@xxxxxxxxx> on 08 Nov, 2002 wrote:
#
FW_MASQ_NETS="0/0"

????? It would be better in my opinion to say which networks are masqueraded, i.e.
192.168.1.0/24, much safer

# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ http and 80
smtp and 25

Just say "www smtp", and if you are using telnet why bother with ssh?

# Common: domain
FW_SERVICES_EXT_UDP="www"

www is TCP not UDP

#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"

"ssh smtp 26 143 www"

FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
^^^^
143 is not a highport

# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

I would have put just "DNS", which makes it more secure

# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"

yes is much better


This is my opinion; your mileage may vary

--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
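
The review points raised in the message above can be checked mechanically. The following is an added example, not part of the original post and not SuSEfirewall2's own code: a small linter run over the quoted settings. The `PORTS` table is an assumed subset of /etc/services, and the function names and finding texts are hypothetical.

```python
import re

# Constructed sample: the settings quoted in the post above.
SAMPLE = '''
FW_MASQ_NETS="0/0"
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
FW_SERVICES_EXT_UDP="www"
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_KERNEL_SECURITY="no"
'''

# Assumed subset of /etc/services; every name listed here is a TCP service.
PORTS = {"http": 80, "www": 80, "smtp": 25, "pop3": 110, "ssh": 22, "telnet": 23}
TCP_ONLY = set(PORTS)

def parse(text):
    """Return {NAME: [tokens]} for every FW_NAME="value" assignment."""
    return {k: v.split() for k, v in re.findall(r'^(FW_\w+)="([^"]*)"', text, re.M)}

def lint(text):
    cfg, out = parse(text), []
    for key, toks in cfg.items():
        if key.startswith("FW_SERVICES_"):
            seen = {}  # port number -> first token that named it
            for t in toks:
                port = int(t) if t.isdigit() else PORTS.get(t)
                if port is not None and port in seen:
                    out.append(f"{key}: '{t}' duplicates '{seen[port]}'")
                seen.setdefault(port, t)
            if key.endswith("_UDP"):
                out += [f"{key}: '{t}' is a TCP service" for t in toks if t in TCP_ONLY]
            if {"ssh", "telnet"} <= set(toks):
                out.append(f"{key}: telnet offered alongside ssh")
        elif key.startswith("FW_ALLOW_INCOMING_HIGHPORTS_"):
            out += [f"{key}: {t} is not a high port" for t in toks
                    if t.isdigit() and int(t) < 1024]
            if toks == ["yes"]:
                out.append(f"{key}: 'yes' is broader than naming services")
    if cfg.get("FW_MASQ_NETS") == ["0/0"]:
        out.append("FW_MASQ_NETS: 0/0 masquerades every network")
    if cfg.get("FW_KERNEL_SECURITY") == ["no"]:
        out.append("FW_KERNEL_SECURITY: set to 'no'")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
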


