Togan Muftuoglu wrote:
* FX Fraipont; on 08 Nov, 2002 wrote:
# FW_MASQ_NETS="0/0"
????? It would be better, in my opinion, to say which networks are masqueraded, i.e. 192.168.1.0/24; much safer.
This is what I had in previous SuSE versions (7.3, 7.1), but 0/0 was the default, so I left it that way. You are surely right.
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
http and 80, smtp and 25
Just say "www smtp", and if you are using telnet, why bother with ssh?
# Common: domain
FW_SERVICES_EXT_UDP="www"
www is TCP not UDP
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
"ssh smtp 26 143 www"
This is quite messy, I must admit, and is the result of some experimentation due to the fact that my smtp does not work anymore since my ISP decided to block port 25. I didn't quite know how to define another port for sendmail. I tried 2500, but I see 2500 is in use on 8.1. So I still don't know.
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
^^^^ 143 is not a highport
Right. If I use pop or imap, shouldn't port 143 be open? And where should I specify this?
# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
I would have put just "DNS"; it makes it more secure.
# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"
yes is much better
This is my opinion; your mileage may vary.
It does! I don't claim to be an expert, it is only a setup I found was working for me, after some experimentation ....
Thanks for your comments.
FX
--
______________________
Courtesy of SuSE Linux nibz.org
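
Added example, not part of the original thread or of SuSEfirewall2: a small Python check that flags the points raised in the replies above (0/0 masquerading, a service listed both by name and by port, a TCP service in a UDP list, a port below 1024 in a highports list, "yes" for highports, telnet, and kernel security switched off). The name-to-port table, the 1024 boundary for high ports and the message texts are assumptions of this example; the sample input is constructed from the settings quoted in the thread.

```python
import re

# Constructed sample: the settings quoted in the thread above.
SAMPLE = '''
FW_MASQ_NETS="0/0"
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
FW_SERVICES_EXT_UDP="www"
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_KERNEL_SECURITY="no"
'''

# Assumed name->port table (all TCP services); a real check would read /etc/services.
PORTS = {"http": 80, "www": 80, "smtp": 25, "pop3": 110, "ssh": 22, "telnet": 23}

def parse(text):
    # Return {VAR: [tokens]} for VAR="value" lines; comments and other lines are ignored.
    pairs = (re.match(r'\s*(FW_\w+)="([^"]*)"', ln) for ln in text.splitlines())
    return {m.group(1): m.group(2).split() for m in pairs if m}

def lint(text):
    out = []  # (variable, message) findings
    for var, toks in parse(text).items():
        if var == "FW_MASQ_NETS" and "0/0" in toks:
            out.append((var, "masquerades any source; name the internal network"))
        if var == "FW_KERNEL_SECURITY" and toks == ["no"]:
            out.append((var, "kernel security settings disabled"))
        if var.startswith("FW_ALLOW_INCOMING_HIGHPORTS_"):
            if toks == ["yes"]:
                out.append((var, "all ports >= 1024 accept incoming traffic"))
            out += [(var, f"{t} is not a high port") for t in toks
                    if t.isdigit() and int(t) < 1024]
        if var.startswith("FW_SERVICES_") and var.endswith(("_TCP", "_UDP")):
            seen = {}  # port -> first token that opened it
            for t in toks:
                port = int(t) if t.isdigit() else PORTS.get(t)
                if port is not None and port in seen:
                    out.append((var, f"{t} duplicates {seen[port]}"))
                elif port is not None:
                    seen[port] = t
                if var.endswith("_UDP") and t in PORTS:
                    out.append((var, f"{t} is a TCP service"))
            if "telnet" in toks:
                out.append((var, "telnet is cleartext; ssh covers remote login"))
    return out

if __name__ == "__main__":
    print("\n".join(f"{v}: {m}" for v, m in lint(SAMPLE)))
```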