http://bugzilla.novell.com/show_bug.cgi?id=551282
http://bugzilla.novell.com/show_bug.cgi?id=551282#c26
Ludwig Nussel changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |REOPENED
Info Provider|lnussel@novell.com |
--- Comment #26 from Ludwig Nussel 2009-12-11 11:16:01 CET ---
The int zone is meant to be trusted. If you disable the option to protect it,
the int zone would be just the same as ext. saned just used a braindead
protocol that doesn't work properly with firewalling. There is no special
conntrack module as for ftp (which has security issues too). I don't think the
yast2 scanner module needs to offer more complex firewall settings. The
existing ones are sufficient.
If your interface is connected to different networks at the same time, you
desperately want the ext zone but still want to trust some IP addresses, you can
specifically configure that (FW_TRUSTED_NETS, FW_SERVICES_ACCEPT_EXT).
If you're carrying around a laptop that connects to different networks which
you trust differently, you may want to try fwzs
(http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/).