Mailinglist Archive: opensuse (924 mails)

< Previous Next >
Re: [opensuse] SuseFirewall2 does not allow pings to ext network?
On 10/28/2012 08:36 PM, Marc Chamberlin wrote:

Thanks Togan , nice way to strip out comments! I have posted the
SuSEfirewall2 configuration to

http://susepaste.org/fe8e7b3a

and left the default expiration at 1 week. Hopefully someone can find
something interesting that I have overlooked!

Ok first tighten up your config a bit and remove "any" from the DEV_EXT
so it looks like
FW_DEV_EXT="eth0"


When you have FW_PROTECT_FROM_INT="no" then you do not need to specify
FW_SERVICES_INT_TCP and FW_SERVICES_INT_UDP so you may want to remove
them. Best way during testing is comment them and and empty versions of
them with an empty line after the variable ie.

FW_SERVICES_INT_TCP=""

FW_SERVICES_INT_UDP=""

For testing purposes also make the following changes

FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="yes"

These will cause lots of logging so once you are done with the testing
revert them back to their default no

So for testing once the above is corrected with root privileges
/sbin/SuSEfirewall2 start

Begin trying to use your application and send the relevant part of the
logs, ie if the service is unreachable then find the log entries which
are dropped and send them or use susepaste.org which in that case send
the paste id

Togan
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups