I have been using SuSEfirewall for many years without problems and I am not very interested in switching to a more flexible solution (direct iptables usage, Firewall Builder ...). But I am looking for a good strategy for configuring SuSEfirewall, so that I can divide the network into three or more zones:

* "trusted zone": trusted network devices in my network, e.g. Linux PCs under my control
* "untrusted zone": network devices in my network which are somewhat unreliable, e.g. smartphones without recent updates, TV set-top boxes, Smart TV devices, future IoT devices ...
* "internet zone": connections from the internet (some ports are forwarded in my router)

I know that I can configure such a network setup in SuSEfirewall using three network cards, each connected to one network. But no, I only use one network card. So I cannot classify the networks using the network cards, which is the standard in SuSEfirewall.

Probably a good starting point is the custom rules file for SuSEfirewall:

/etc/sysconfig/scripts/SuSEfirewall2-custom

My questions:

1. How can I best classify my network devices? Hardware/MAC addresses are my favorite. VLAN is currently unavailable, because my router does not support VLANs. Static IP addresses (maybe configured with static DHCP assignments in my router) are an alternative to hardware/MAC addresses. (Btw, I know that everything can be forged, but probably my smartphone would not do this.)

2. Do you have an example configuration or strategy for SuSEfirewall?

3. Is SuSEfirewall powerful enough to deal with one network device and multiple VLANs, so that it's worth exchanging the router for a model which is VLAN capable? Do you have an example SuSEfirewall setup with VLANs?

Regards,
Björn