...

let's me tell you in these steps (sorry for my bad english): 1. I have 2 NIC: 1 internal and 1 external. the external is using public IP. 2. on yast, i check masquerading 3. external and internal allowed service ONLY

On Wed, 2006-07-19 at 23:08 -0700, The Nice Spider wrote: listed:

...

http 4. but my clients can access any outside POP/SMTP server (including yahoo using Ypops in their local PC), and maybe many others services.

If you want to control _outbound_ access look into using squid, that is what it was designed for. The firewall is designed mainly for _inbound_ access control.

KS

oops! i see sf2 also open unpriviledges ports! i suggest to block all icoming ports by default otherwise open only priviledges ports! using squid is not the solution, because iptables can handle this simple thing. bug in sf2 documentation: - section 11. default value is no BUT my clients can access port >6000 for IRC! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory-help@opensuse.org