Mailinglist Archive: opensuse (4343 mails)

Re: [SLE] [SuSE 8.1] USB SpeedTouch modem user can't start SuSEfirewall2
  • From: FX Fraipont <fxf@xxxxxxxxx>
  • Date: Fri, 08 Nov 2002 21:08:09 +0100
  • Message-id: <3DCC19A9.2040509@xxxxxxxxx>
Togan Muftuoglu wrote:

* FX Fraipont; <fxf@xxxxxxxxx> on 08 Nov, 2002 wrote:

#
FW_MASQ_NETS="0/0"


????? it would be better in my opinion to say which networks are masqueraded, i.e.
192.168.1.0/24, much safer

This is what I had in previous SuSE versions (7.3, 7.1), but 0/0 was the default, so I left it that way. You are surely right.


# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ http and 80
smtp and 25

just say "www smtp" and if you are using telnet why bother with ssh?


# Common: domain
FW_SERVICES_EXT_UDP="www"


www is TCP not UDP

#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"


"ssh smtp 26 143 www"

This is quite messy, I must admit, and is the result of some experimentation due to the fact that my smtp does not work anymore since my ISP decided to block port 25. I didn't quite know how to define another port for sendmail. I tried 2500, but I see 2500 is in use on 8.1. So I still don't know.


FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"

^^^^
143 is not a highport

Right. If I use pop or imap, shouldn't port 143 be open? And where should I specify this?



# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"


I would have put just "DNS", which makes it more secure

# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"


yes is much better


This is my opinion; your mileage may vary

It does! I don't claim to be an expert, it is only a setup I found was working for me, after some experimentation ....

Thanks for your comments.

FX

--
______________________
Courtesy of SuSE Linux
nibz.org


