Mailinglist Archive: opensuse (3378 mails)

More Firewall2
  • From: Roy Cabaniss <rcaban@xxxxxxxxxxxxxx>
  • Date: Wed, 3 Apr 2002 18:21:42 -0600
  • Message-id: <200204040021.g340LgP03399@xxxxxxxxxxxxxxxxxxxxx>
At the moment, the custom script is commented out. I have a simple setup,
with all of the in-house boxes behind the box the following script is on. As
I watch the xconsole I see things like the following 3 messages:

Now the MAC addresses are coming in inet4 as opposed to 6. My local setups
kick out inet6 MACs when I do an ifconfig.

Mar 24 11:08:41 rcaban kernel: SuSE-FW-ACCEPTIN=eth0 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx SRC=209.130.30.130 DST=my ext ip LEN=40 TOS=0x08
PREC=0x00 TTL=240 ID=40330 PROTO=TCP SPT=45507 DPT=80 WINDOW=65535 RES=0x00
SYN URGP=0

Mar 24 11:09:16 rcaban kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth1 OUT=
MAC=xx:xx:xx:xx:xx:xx:xx SRC=192.168.0.xx (internal network, other computer)
DST=external network card LEN=68 TOS=0x10 PREC=0x00 TTL=64 ID=19036 DF
PROTO=UDP SPT=32932 DPT=53 LEN=48




# Cabaniss Firewall script


FW_DEV_EXT="eth0"
FW_DEV_INT="eth1"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"

#FW_MASQ_NETS="192.168.0.99 192.168.0.100 192.168.0.101 192.168.0.102
# 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107."

FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="25 53 80 110 6346"
FW_SERVICES_EXT_UDP="53" # Common: domain
FW_SERVICES_EXT_IP=""
FW_SERVICES_INT_TCP="25 53 80 110 6346"
FW_SERVICES_INT_UDP="53"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes" # Autodetect the services below when starting
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="yes"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD="" # Beware to use this!
FW_FORWARD_MASQ="" # Beware to use this!
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
##
# END of rc.firewall
##

# #
#-------------------------------------------------------------------------#
# #
# EXPERT OPTIONS - all others please don't change these! #
# #
#-------------------------------------------------------------------------#
# #

FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="yes"

#FW_CUSTOMRULES="/etc/rc.config.d/firewall2-custom.rc.config"

====================================

--
Dr. Roy F. Cabaniss
9704048 or US2002021452
Head Boll of the Evil Weevils
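
Added example, not part of the original message: a small Python parser for kernel log lines of the shape quoted above, where the log prefix runs straight into "IN=" and a UDP line carries two LEN= fields. The sample lines are constructed (documentation addresses and MACs), and the names parse, summarize and L4_LEN are choices made for this example.

```python
import re

# Constructed samples modelled on the two messages in the post.
SAMPLE = [
    "Mar 24 11:08:41 fw kernel: SuSE-FW-ACCEPTIN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 "
    "DST=192.0.2.10 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=40330 PROTO=TCP "
    "SPT=45507 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Mar 24 11:09:16 fw kernel: SuSE-FW-ACCESS_DENIED_FOR_INTIN=eth1 OUT= "
    "MAC=00:00:5e:00:53:03:00:00:5e:00:53:04:08:00 SRC=192.168.0.20 "
    "DST=192.0.2.10 LEN=68 TOS=0x10 PREC=0x00 TTL=64 ID=19036 DF "
    "PROTO=UDP SPT=32932 DPT=53 LEN=48",
]

# The prefix is whatever sits between "kernel: " and the first "IN=<if> OUT=".
LINE = re.compile(r"kernel: (?P<prefix>.*?)(?P<rest>IN=\S* OUT=.*)$")


def parse(line):
    """Return a dict of fields for one firewall log line, or None if it is not one."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = {"prefix": m.group("prefix").strip(), "flags": []}
    for tok in m.group("rest").split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)      # bare words: SYN, DF, ...
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = val           # second LEN is the UDP length
        else:
            rec[key] = val
    return rec


def summarize(lines):
    """(prefix, in-interface, source, protocol, destination port) per parsed line."""
    recs = [r for r in map(parse, lines) if r is not None]
    return [(r["prefix"], r["IN"], r["SRC"], r["PROTO"], r.get("DPT")) for r in recs]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```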

