Mailinglist Archive: opensuse (924 mails)

Re: [opensuse] What's going on with firewall rules in 12.1?!?
On Tue, Oct 02, 2012 at 01:43:18PM -0700, j debert wrote:
> Using 12.1.
>
> I want to add two, simple, basic firewall rules to deal with an ISP
> proxy injecting javascript into every web page fetched.
>
> I tried doing the usual and customary "service iptables save" after
> inserting the rules manually which returned the error "service
> iptables does not exist" or whatever.
>
> Looking further, I find that rc.iptables has been removed and
> substituted with some bizarre sysconfig abstraction that apparently
> creates firewall rules from scratch from a legion of files every time
> the system starts. And apparently, the way this thing is set up, I
> cannot do a simple append to this conglomeration of sundry files to
> get the rules I require. Further, Yast is completely useless for this
> purpose.
>
> As a bonus this nyoo thang, or whatever it is, is undocumented.
>
> Why do we have to do things the hard way? What is the rationale behind
> making firewall setup more difficult?
>
> And *WHERE* is the documentation?

I see you probably met SuSEfirewall2, a tool we have had for over
10 years now (so it is not really new with 12.1).

We never had an iptables init script.

The config file /etc/sysconfig/SuSEfirewall2 is mostly self-explanatory;
to hook in your own rules, change:

FW_CUSTOMRULES="... your script ..."

and use /etc/sysconfig/scripts/SuSEfirewall2-custom as an example.

Ciao, Marcus
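An added example, not part of the message above or of the SuSEfirewall2 package: a custom rules file of the kind FW_CUSTOMRULES points at, modelled on the hook functions in /etc/sysconfig/scripts/SuSEfirewall2-custom. The file path, the helper name, the address and the log prefix are assumptions made for illustration; the thread does not show the poster's actual rules, and the hook names should be checked against the template shipped on your system.

```shell
# Hypothetical location: /etc/sysconfig/scripts/SuSEfirewall2-local
# Enable it in /etc/sysconfig/SuSEfirewall2 with:
#   FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-local"
# The firewall script sources this file, so it only defines hook
# functions and must never call exit.

# Constructed placeholder (RFC 5737 documentation range), not a real host.
LOCAL_BLOCK_HOST="192.0.2.10"

# Hypothetical helper: append one rule to every chain in a list and stop
# at the first iptables failure, so a typo does not pass unnoticed.
local_add_rule() {
    local chains="$1" chain
    shift
    for chain in $chains; do
        iptables -A "$chain" "$@" || return 1
    done
}

# Hook names as used in the shipped template (verify against your copy).
# Hooks that are not needed stay defined and simply succeed.
fw_custom_after_chain_creation() { true; }

# Called before the generated per-service allow rules are added, so
# rules appended here are evaluated ahead of them.
fw_custom_before_port_handling() {
    # Rule 1: log packets from the placeholder host in the external zone.
    local_add_rule "input_ext forward_ext" -s "$LOCAL_BLOCK_HOST" \
        -j LOG --log-prefix "SFW2-LOCAL-DROP " &&
    # Rule 2: drop them.
    local_add_rule "input_ext forward_ext" -s "$LOCAL_BLOCK_HOST" -j DROP
}

fw_custom_before_masq() { true; }
fw_custom_before_denyall() { true; }
fw_custom_after_finished() { true; }
```

Because SuSEfirewall2 rebuilds the rule set each time it starts, rules placed in these hooks are re-applied on every start, which is the role "service iptables save" plays on other distributions.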