M9. wrote: so, if I understand well you have only one lan (192.168.1.x) with all the PC on it. previously you said: "This morning i had to shut down the firewall to enter my Lan. Printing was impossible, and also accessing the other pc's and laptops in the network. What i do not understand is why this firewall prevents me from entering other pc's in the network, while others can acces mine easily?" It looks like you (or any event) swapped the internal and external network in the config try setting with defaults - usually defaults are good
About /etc/scripts/SuSEfirewall2, there are many files there, i do not know which one you want to see.
it's not a folder but a file in my computer (but the one I have just at hand is a 10.1, may be the file was spread in several ones later) this file is commented internally, and the comments are the only firewall notice I know of
IMHO should a firwall be configured once, and work in silence, protecting a pc or laptop against attack fro 'outside'.
it's what SuSEfirewall2 do usually :-)
It should not block the trusted hosts, and block the untrusted ones.
not clear in your config wich is what
A warning should be displayed, with an option to grant or denie an attempt to enter the pc, with a discription of the host and the ip adress, so that one can decide to let pass once or forever, which does not mean that 'forever' can not be changed to denie.
it's really too easy to clic on "yes" without caution and very difficult to go back after, and should any user be allowed to do so?
A realy good firewall can work with passwords, just as a server can.
I think somewhat your definition of "firewall" is wrong. a firewall is used to open or close "ports", not communication (your firewalls don't do NAT, as you have an other router). whatever you do with these ports is irrelevant. a firewall works at the packet level, not at the logical one, it knows nothing of passwords. It protect networks, so if you want a part with trusted pc, it must be the internal and untrusted the external or the dmz if they are in your house, but this needs an other net card (an other lan). you can set some filtering based on IP, but I'm not sure it's secure and anyway it's difficult to setup. finally you said "This morning i had to shut down the firewall to enter my Lan.", so the day before the firewall was nice, what did change in between? I beg you use an samba network and windows samba is buggy and needs to open nearly anything to work as was said from the beginning by an other writer. http://lists.opensuse.org/opensuse-factory/2007-09/msg00335.html but if I understand well, doing so is nearly the same as stopping the firewall. use of samba server on suse fixes the permission problem. jdd -- http://www.dodin.net --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org