Mailinglist Archive: opensuse (770 mails)

Re: [opensuse] Router firewall vs openSUSE firewall
On 28/08/12 16:18, Togan Muftuoglu wrote:
> On 08/28/2012 05:04 PM, Bob Williams wrote:
>> On 28/08/12 15:09, Togan Muftuoglu wrote:
>>> On 08/28/2012 04:05 PM, Bob Williams wrote:
>>>>
>>>> I think what I'll end up doing is continue to run both firewalls, but
>>>> disable the openSUSE one temporarily for the time I want to watch a
>>>> video, browse my photos, etc.
>>>
>>> A better approach is to configure the firewall correctly
>>>
>>> Togan
>>
>> Which is what I asked in the original post, but you snipped that bit.
>> So, how do I configure it correctly?
>
> Thank you for believing my psychic powers, but today is a bit cloudy
> here so how about providing some information of your current setup,
>
> grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
>
> Togan

barrowhillfarm:~ # grep -v ^# /etc/sysconfig/SuSEfirewall2|sed /^$/d
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV=""
FW_MASQ_NETS=""
FW_NOMASQ_NETS=""
FW_PROTECT_FROM_INT="no"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP="igmp"
FW_SERVICES_EXT_RPC=""
FW_CONFIGURATIONS_EXT="ntp rsync-server sshd"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_CONFIGURATIONS_DMZ=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_CONFIGURATIONS_INT=""
FW_SERVICES_DROP_EXT=""
FW_SERVICES_DROP_DMZ=""
FW_SERVICES_DROP_INT=""

FW_SERVICES_REJECT_EXT=""

FW_SERVICES_REJECT_DMZ=""

FW_SERVICES_REJECT_INT=""

FW_SERVICES_ACCEPT_EXT="192.168.1.20,tcp,6600
192.168.1.18,tcp,6600
192.168.1.14,tcp,8200,8200
192.168.1.14,udp,1900,1900
192.168.1.14,udp,8200,8200"
FW_SERVICES_ACCEPT_DMZ=""
FW_SERVICES_ACCEPT_INT=""
FW_SERVICES_ACCEPT_RELATED_EXT=""
FW_SERVICES_ACCEPT_RELATED_DMZ=""
FW_SERVICES_ACCEPT_RELATED_INT=""
FW_TRUSTED_NETS=""
FW_FORWARD=""
FW_FORWARD_REJECT=""
FW_FORWARD_DROP=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG_LIMIT=""
FW_LOG=""
FW_KERNEL_SECURITY=""
FW_STOP_KEEP_ROUTING_STATE=""
FW_ALLOW_PING_FW=""
FW_ALLOW_PING_DMZ=""
FW_ALLOW_PING_EXT=""
FW_ALLOW_FW_SOURCEQUENCH=""
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_ALLOW_FW_BROADCAST_INT="no"
FW_ALLOW_FW_BROADCAST_DMZ="no"
FW_IGNORE_FW_BROADCAST_EXT="yes"
FW_IGNORE_FW_BROADCAST_INT="no"
FW_IGNORE_FW_BROADCAST_DMZ="no"
FW_ALLOW_CLASS_ROUTING=""
FW_CUSTOMRULES=""
FW_REJECT=""
FW_REJECT_INT=""
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING=""
FW_IPSEC_TRUST="no"
FW_ZONES=""
FW_ZONE_DEFAULT=''
FW_USE_IPTABLES_BATCH=""
FW_LOAD_MODULES="nf_conntrack_netbios_ns"
FW_FORWARD_ALWAYS_INOUT_DEV=""
FW_FORWARD_ALLOW_BRIDGING=""
FW_WRITE_STATUS=""
FW_RUNTIME_OVERRIDE=""
FW_LO_NOTRACK=""
FW_BOOT_FULL_INIT=""
barrowhillfarm:~ #

This machine is 192.168.1.14.

192.168.1.20 is my laptop running gmpc which connects to an mpd server
on 192.168.1.14 through port 6600.

The references to tcp and udp traffic through ports 8200 and 1900 are my
attempts to let minidlna traffic through.

Many thanks for your help.

Bob
--
Bob Williams
System: Linux 3.1.10-1.16-desktop
Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.9.00
"release 555"
Uptime: 06:00am up 16 days 7:10, 1 user, load average: 0.07, 0.08, 0.12
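
An added example, not part of the original post and not SuSEfirewall2's own code: a small Python check over the FW_SERVICES_ACCEPT_EXT value posted above. It assumes the entry layout net,protocol[,dport[,sport[,flags]]] given in the comments of /etc/sysconfig/SuSEfirewall2, where net is the source of the incoming packet; the function names parse_accept and lint are hypothetical.

```python
import ipaddress

# Sample input: the FW_SERVICES_ACCEPT_EXT value from the post above.
ACCEPT_EXT = """192.168.1.20,tcp,6600
192.168.1.18,tcp,6600
192.168.1.14,tcp,8200,8200
192.168.1.14,udp,1900,1900
192.168.1.14,udp,8200,8200"""


def parse_accept(value):
    """Split a FW_SERVICES_ACCEPT_* value into one dict per rule.

    Assumed entry layout: net,protocol[,dport[,sport[,flags]]]
    """
    rules = []
    for entry in value.split():  # entries are separated by whitespace
        fields = entry.split(",")
        if len(fields) < 2:
            raise ValueError(f"malformed entry: {entry!r}")
        fields += [""] * (4 - len(fields))  # pad optional dport/sport
        net = "0.0.0.0/0" if fields[0] == "0/0" else fields[0]
        rules.append({
            "entry": entry,
            "source": ipaddress.ip_network(net, strict=False),
            "proto": fields[1],
            "dport": fields[2],
            "sport": fields[3],
        })
    return rules


def lint(value, host_ip):
    """Return (entry, warning) pairs for rules that are narrower than intended."""
    host = ipaddress.ip_address(host_ip)
    findings = []
    for rule in parse_accept(value):
        src = rule["source"]
        if src.num_addresses == 1 and src.network_address == host:
            findings.append((rule["entry"],
                             "source is the firewall host itself, not a client"))
        if rule["sport"]:
            findings.append((rule["entry"],
                             f"only packets sent from source port {rule['sport']} match"))
    return findings


if __name__ == "__main__":
    for entry, warning in lint(ACCEPT_EXT, "192.168.1.14"):
        print(f"{entry}: {warning}")
```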