Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] What is the meaning of these firewall log entries?
On 13/02/16 04:23 AM, Roger Price wrote:
On Fri, 12 Feb 2016, John Andersen wrote:

Susefirewall is very special (so I'm told), yet even it does not
somehow rewrite RFC 792, one of the oldest RFCs defining the internet.

Sorry if this is a bit off topic. It is clear that a lot of thought
has gone into the SuSEfirewall2, but there are few comments in the
code to explain the underlying thinking. To make it clearer what is
happening, I found it instructive to add the sequence

-m comment --comment "${FUNCNAME}[${LINENO}]"

to all those iptables commands which create firewall rules. Be
patient, there are 159 lines to update in 13.2, but a true l33t with
vi and sed would have no problem. Here is an example of the commented
output of command iptables -n --line-numbers -t filter -L INPUT

Chain INPUT (policy DROP)
num  target     prot opt source      destination
1    ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0    /* set_basic_rules[768] */
2    ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0    ctstate ESTABLISHED /* allow_basic_established[685] */
3    ACCEPT     icmp --  0.0.0.0/0   0.0.0.0/0    ctstate RELATED /* allow_basic_established[699] */
4    ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:22 match-set hosts.allow-rule-1-inet src /* [2.1.ssh] */
5    input_ext  all  --  0.0.0.0/0   0.0.0.0/0    /* fork_to_chains[1488] */
6    LOG        all  --  0.0.0.0/0   0.0.0.0/0    limit: avg 3/min burst 5 /* finish_chains[1507] */ LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
7    DROP       all  --  0.0.0.0/0   0.0.0.0/0    /* finish_chains[1508] */

This could even be a permanent feature of /sbin/SuSEfirewall2

Roger
This is not SUSEfirewall's doing, it is iptables. You could craft all
those rules by hand, if you were to be so brave ;)
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
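The tagging trick Roger describes, as an added example (not SuSEfirewall2's code and not code from either poster): rather than editing all 159 iptables invocations, a single wrapper function appends the comment match using bash's call-stack arrays, so FUNCNAME[1] and BASH_LINENO[0] give the name and line of the function that built the rule. The function names allow_basic_established and finish_chains mirror the comments in the output above, but their rule bodies are simplified stand-ins; the IPTABLES variable, the build_rules and count_tagged helpers, and the dry-run mode are assumptions of this example. It needs bash, as SuSEfirewall2 itself does.

```shell
#!/bin/bash
# Added example, not SuSEfirewall2 code: tag every iptables rule with the
# shell function and line that created it, so that
#   iptables -n --line-numbers -t filter -L INPUT
# shows where each rule came from. The tag is generated in one place from
# FUNCNAME / BASH_LINENO instead of being typed into every iptables call.
#
# IPTABLES (assumed name) defaults to the real binary. Setting it to
# "echo iptables" gives a dry run that needs no root and no netfilter.
IPTABLES=${IPTABLES:-iptables}

# ipt: run iptables with the caller's "function[line]" appended as a comment.
# FUNCNAME[1] is the function that called ipt; BASH_LINENO[0] is the line
# inside it where the call happened. The comment match changes nothing about
# how the rule matches packets; it is only carried along for display.
ipt() {
    local tag="${FUNCNAME[1]:-main}[${BASH_LINENO[0]}]"
    $IPTABLES "$@" -m comment --comment "$tag"
}

# Simplified stand-ins for two of the rule-building functions named in the
# output above (hypothetical bodies, chosen to resemble rules 2, 3, 6 and 7).
allow_basic_established() {
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
    ipt -A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
}

finish_chains() {
    ipt -A INPUT -m limit --limit 3/min --limit-burst 5 \
        -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-level 4
    ipt -A INPUT -j DROP
}

# build_rules: emit the whole rule set (assumed helper).
build_rules() {
    allow_basic_established
    finish_chains
}

# count_tagged: dry-run the rule set and check that every emitted command
# ends in a comment of the form name[digits]. Prints the number of tagged
# rules; exits non-zero if any rule is untagged.
count_tagged() {
    local out total tagged
    out=$(IPTABLES="echo iptables" build_rules)
    total=$(printf '%s\n' "$out" | grep -c .)
    tagged=$(printf '%s\n' "$out" | grep -cE -- '-m comment --comment [A-Za-z_]+\[[0-9]+\]$')
    echo "$tagged"
    [ "$tagged" -eq "$total" ]
}

# Usage: a dry run prints the four tagged commands; run as root with the
# default IPTABLES to load them for real.
IPTABLES="echo iptables" build_rules
```

The comment match is provided by the xt_comment module, so a kernel without it rejects the rules; check with `iptables -m comment --help` before adopting this on a production host. As the reply notes, the mechanism is iptables' own, not SuSEfirewall2's, which is why the same wrapper works for any hand-written rule script.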
