Mailinglist Archive: opensuse (1986 mails)

Re: [opensuse] dispatcher.d
  • From: Edke <edke.kraken@xxxxxxxxx>
  • Date: Mon, 17 Nov 2008 09:42:37 +0100
  • Message-id: <c3e774c00811170042laf6290idea0576b09ec5a37@xxxxxxxxxxxxxx>
On Sun, Nov 16, 2008 at 1:57 PM, James Knott <james.knott@xxxxxxxxxx> wrote:
> Edke wrote:
>> Hello guys,
>>
>> I'm replacing SuseFirewall2 with iptables
>
> ????
>
> I thought SuSE firewall was a method of configuring Iptables. You don't
> replace it with Iptables. You can use any method you wish to do the
> configuration, but it's still Iptables.

I was struggling to create my needed configuration in SuSE firewall,
therefore I used iptables directly and wrote a few rules, and it works
great.

The problem with SuSE firewall is that I don't quite understand the logic
of internal/external and demilitarized zone. I need to set up the firewall
so that it's open to my LAN subnet (192.168.1.0/24) and to the rest
only a few ports such as 80, 22. The rest of the traffic should be rejected.

And it's so easy with just iptables:

-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -j ACCEPT

-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT






--

s pozdravom do zatvy Edke

G-mail: edke.kraken@xxxxxxxxx
ICQ: 47405942
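
An added example, not part of Edke's message: a small first-match evaluator that walks the INPUT rules as posted over constructed packets. The interface name `eth0`, the sample addresses and the conntrack state given to each packet are assumptions; the run shows that the LAN rule carries `-p tcp`, so new UDP and ICMP from 192.168.1.0/24 fall through to the final REJECT.

```python
import ipaddress

# INPUT rules exactly as posted in the message above.
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT
"""

def parse(line):
    """One '-A INPUT ...' line -> {option: value}, e.g. {'-i': 'lo', '-j': 'ACCEPT'}."""
    tok = line.split()[2:]  # drop '-A INPUT'; every option used here takes one value
    return dict(zip(tok[0::2], tok[1::2]))  # the '-m state' pair is kept but never matched on

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    return all((
        rule.get("-i", pkt["iface"]) == pkt["iface"],
        ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.get("-s", "0.0.0.0/0")),
        rule.get("-p", pkt["proto"]) == pkt["proto"],
        "--dport" not in rule or int(rule["--dport"]) == pkt["dport"],
        "--state" not in rule or pkt["state"] in rule["--state"].split(","),
    ))

def verdict(pkt, rules=RULES):
    """Walk the chain top to bottom; the first matching rule decides."""
    for line in rules.strip().splitlines():
        rule = parse(line)
        if matches(rule, pkt):
            return rule["-j"]
    return "POLICY"  # chain policy applies; the message does not show it

def packet(src, proto, dport=None, state="NEW", iface="eth0"):
    return {"src": src, "proto": proto, "dport": dport, "state": state, "iface": iface}

# Constructed packets ('eth0' and the state are assumptions): LAN host vs. outside host.
SAMPLES = {
    "lan tcp/445":  packet("192.168.1.20", "tcp", 445),
    "lan udp/53":   packet("192.168.1.20", "udp", 53),
    "lan icmp":     packet("192.168.1.20", "icmp"),
    "wan tcp/22":   packet("203.0.113.5", "tcp", 22),
    "wan tcp/3306": packet("203.0.113.5", "tcp", 3306),
    "wan reply":    packet("203.0.113.5", "tcp", 3306, state="ESTABLISHED"),
}
for name, p in SAMPLES.items():
    print(f"{name:13} -> {verdict(p)}")
```

Dropping `-p tcp` from the LAN rule would make the evaluator, like the real chain, accept all new traffic from the subnet.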