[opensuse-factory] Re: SuSEfirewall [was: Massive Feature Request of new Yast Modules for 10.3]
Reply on 28-11-2006 9:47:01 <<<
Pascal Bleser wrote:
What do you think ?
I'd rather vote for enhancing the firewall module ;) FTP server isn't a bad idea though, help about that is asked now and then on #suse (IRC).
I have plans (and features) to enhance the firewall module in 10.3 but it would be nice to hear what exactly users need.
Could you, please, give me more information? You can also send me a patch then :) ;)
Thanks Lukas
Not sure if I'm now gonna tell something stupid or wrong.. but if so, please tell me... that's called 'the process of learning'.

The last time I was digging a bit deeper inside the SuSEfirewall2 config for configuring a DMZ, I had quite a problem with giving privileges from the DMZ to the internet segment. A rule like $NET_DMZ,0/0,udp,53 is quite nice, but also allows access on udp,53 to the internal segment (it was a bastion host, 3 NICs). For udp,53, you can say, ok... bearable.. but then comes the next and next thing to open.. for all the different things needed. (oh: I defined of course variables like $NET_DMZ=x.x.x.x/26 at the beginning of the SuSEfirewall config file... made it a lot easier to read and to maintain.)

So maybe a rule like $NET_DMZ,$DEV_EXT,udp,53 would be very nice to have... I assume it won't be the easiest for the parser to recognize when you talk about a deviceclass and when about a net/host, but it would be great. Another problem might be that $DEV_EXT may contain more than one device, thus rendering the syntax of the previous command illegal.

Dominique
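The following is an added example, not part of the original message and not SuSEfirewall2's own parser: a small Python model of the "source net,destination net,protocol,port" rule form quoted above. It shows that a 0/0 destination also matches the internal segment, then generates destination nets that cover everything except that segment. All addresses are constructed (the post gives only the /26 prefix length), and the matching logic is an assumption based on the post's description.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the post).
NET_DMZ = ipaddress.ip_network("192.0.2.64/26")
NET_INT = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")


def _net(text):
    # The post writes "any" as 0/0; ipaddress needs the dotted form.
    return ANY if text == "0/0" else ipaddress.ip_network(text)


def permits(rule, src_ip, dst_ip, proto, port):
    """True if a 'src,dst,proto,port' rule matches the given packet."""
    src, dst, r_proto, r_port = rule.split(",")
    return (ipaddress.ip_address(src_ip) in _net(src)
            and ipaddress.ip_address(dst_ip) in _net(dst)
            and proto == r_proto and port == int(r_port))


def rules_excluding(src, protected, proto, port):
    """Rules for src -> every destination except the protected nets."""
    allowed = [ANY]
    for net in protected:
        remaining = []
        for block in allowed:
            if net.subnet_of(block):
                # Carve the protected net out of this block.
                remaining.extend(block.address_exclude(net))
            elif not block.overlaps(net):
                remaining.append(block)
            # else: block lies inside the protected net, drop it.
        allowed = remaining
    return [f"{src},{dst},{proto},{port}" for dst in sorted(allowed)]


if __name__ == "__main__":
    broad = f"{NET_DMZ},0/0,udp,53"
    print("0/0 rule reaches internal host:",
          permits(broad, "192.0.2.70", "10.1.2.3", "udp", 53))
    for rule in rules_excluding(NET_DMZ, [NET_INT], "udp", 53):
        print(rule)
```

With these sample nets the single 0/0 rule becomes eight net-based rules, which illustrates why a device-based destination such as $DEV_EXT would be easier to maintain.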