Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] What is the meaning of these firewall log entries?
On Fri, 12 Feb 2016, John Andersen wrote:

Susefirewall is very special (so I'm told), yet even it does not somehow rewrite RFC 792, one of the oldest RFCs defining the internet.

Sorry if this is a bit off topic. It is clear that a lot of thought has gone into the SuSEfirewall2, but there are few comments in the code to explain the underlying thinking. To make it clearer what is happening, I found it instructive to add the sequence

-m comment --comment "${FUNCNAME}[${LINENO}]"

to all those iptables commands which create firewall rules. Be patient, there are 159 lines to update in 13.2, but a true l33t with vi and sed would have no problem. Here is an example of the commented output of command iptables -n --line-numbers -t filter -L INPUT

Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* set_basic_rules[768] */
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED /* allow_basic_established[685] */
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED /* allow_basic_established[699] */
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 match-set hosts.allow-rule-1-inet src /* [2.1.ssh] */
5 input_ext all -- 0.0.0.0/0 0.0.0.0/0 /* fork_to_chains[1488] */
6 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 /* finish_chains[1507] */ LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
7 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* finish_chains[1508] */

This could even be a permanent feature of /sbin/SuSEfirewall2

Roger
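The rule-tagging idea from the post, as an added example that is neither SuSEfirewall2's code nor part of the original message: a small wrapper stamps each generated rule with the shell function and line that created it, and a helper maps a rule number from a saved "iptables -n --line-numbers -L" listing back to that origin, so a logged drop can be traced to the generating code. The names fw_rule, finish_input_chain, rule_origin and the IPTABLES dry-run variable are assumptions for this example, and the listing is constructed from the rules shown above.

```bash
#!/bin/bash
# Added example, not SuSEfirewall2's own code: tag every generated iptables rule
# with its generating function and line, and look a rule number up again later.

# Hypothetical wrapper: callers pass an origin tag built from bash's FUNCNAME
# and LINENO (FUNCNAME is a bash variable; a strict POSIX sh leaves it empty).
# IPTABLES defaults to a dry run that prints the command instead of loading it.
: "${IPTABLES:=echo iptables}"

fw_rule() {
    tag=$1; shift
    $IPTABLES "$@" -m comment --comment "$tag"
}

# Example generator function, modelled on rule 7 in the listing above.
finish_input_chain() {
    fw_rule "${FUNCNAME}[${LINENO}]" -A INPUT -j DROP
}

# Given a saved "iptables -n --line-numbers -L CHAIN" listing and a rule
# number, print the origin comment, i.e. the text between /* and */.
# Prints nothing when the rule number is not in the listing.
rule_origin() {
    listing=$1; num=$2
    printf '%s\n' "$listing" |
        awk -v n="$num" '$1 == n { sub(/.*\/\* */, ""); sub(/ *\*\/.*/, ""); print; exit }'
}

# Constructed sample listing (three of the rules from the post, unwrapped).
SAMPLE_LISTING='Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* set_basic_rules[768] */
6 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 /* finish_chains[1507] */ LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
7 DROP all -- 0.0.0.0/0 0.0.0.0/0 /* finish_chains[1508] */'

finish_input_chain                  # dry run: shows the tagged rule being added
rule_origin "$SAMPLE_LISTING" 6     # prints: finish_chains[1507]
```

Setting IPTABLES=iptables turns the dry run into real rule loading; the lookup helper works on any saved listing from iptables -n --line-numbers -L.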
