Mailinglist Archive: opensuse (3506 mails)
Re: [SLE] Firewall zones
- From: Paul Abrahams <abrahams@xxxxxxx>
- Date: Thu, 28 Sep 2006 16:54:43 +0000 (UTC)
- Message-id: <200609281254.24942.abrahams@xxxxxxx>
On Thursday 28 September 2006 1:33 am, Darryl Gregorash wrote:
> On 27/09/06 21:07, Paul Abrahams wrote:
> >On Wednesday 27 September 2006 9:35 pm, Darryl Gregorash wrote:
> >
> > <snip>
> >
> >>It should, however, be possible to set these in Security/Firewall (or
> >>Network/Firewall, depending on the Yast version).
> >
> >That's just what I meant. I should have been clearer.
>
> And now that I read again what I wrote above, I too should have been
> clearer.. that is what we *want*, but it isn't what we *get* :-)

What would be the best way to ask Novell to fix this?

There's a help file for
Susefirewall, /usr/share/doc/packages/SuSEfirewall2/EXAMPLES,
that lists a number of scenarios, but not the very common one I'm dealing
with. Your suggestion shows that there is a simple way of handling it. If
your approach has any disadvantages or weaknesses, I haven't found them.

For those not following the thread earlier, the scenario is a home network
with several machines, each with a single network card cabled to a router
such as a D-Link, Linksys, or Netgear. The router in turn is connected to a
DSL or cable modem that interfaces to a broadband ISP. Communication among
the machines on the network should be entirely uninhibited but communication
with machines outside the network should be fully protected by the firewall.

The solution is to set the /etc/sysconfig parameter FW_TRUSTED_NETS to the
value 192.168.0.0/24 or 192.168.1.0/24, depending on the router and assuming
the router does not have a nonstandard configuration.

Paul
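
An added example, not part of the original post and not SuSEfirewall2's own code: a small audit that checks each FW_TRUSTED_NETS entry against the subnet the machine is actually on, since the right value depends on the router. It assumes the setting lives in /etc/sysconfig/SuSEfirewall2 as a space-separated list of net[,protocol[,port]] entries; the function names, verdict labels and sample values are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; anything outside them is reachable from the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the style of /etc/sysconfig/SuSEfirewall2 (not from the post).
SAMPLE = '''
FW_DEV_EXT="eth0"
FW_TRUSTED_NETS="192.168.0.0/24 192.168.0.0/16 203.0.113.0/24,tcp,22 192.168.1.0/24"
'''

def trusted_nets(text):
    """Return the network part of every FW_TRUSTED_NETS entry."""
    m = re.search(r'''^\s*FW_TRUSTED_NETS=["']?([^"'\n]*)''', text, re.MULTILINE)
    return [entry.split(",")[0] for entry in m.group(1).split()] if m else []

def classify(raw, local):
    """Compare one trusted entry with this host's own IPv4 network."""
    try:
        net = ipaddress.ip_network(raw, strict=True)  # rejects host bits, typos
    except ValueError:
        return "invalid"
    if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
        return "not-private"   # would trust hosts outside the home network
    if net.subnet_of(local):
        return "ok"            # the LAN itself, or a part of it
    if local.subnet_of(net):
        return "too-broad"     # trusts more than the router's subnet
    return "mismatch"          # e.g. 192.168.0.0/24 set, router uses 192.168.1.0/24

def audit(text, host_if):
    """host_if: this machine's IPv4 address with prefix, e.g. '192.168.1.23/24'."""
    local = ipaddress.ip_interface(host_if).network
    return [(raw, classify(raw, local)) for raw in trusted_nets(text)]

if __name__ == "__main__":
    for raw, verdict in audit(SAMPLE, "192.168.1.23/24"):
        print(f"{raw:18} {verdict}")
```
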