I have a similar problem and tried the FW_TRUSTED_NETS to enable
www-access to one special client. But the SuSE firewall drops the
packets. Do you have any idea??
From: Peer Stefan [mailto:firstname.lastname@example.org]
Sent: Wednesday, 28 May 2003 13:24
Subject: RE: [suse-security] Blocking ports and services[Scanned]
> From: Dietmar Stein [mailto:DStein@phoenixcontact.com]
> I am new to the list but I have gone through archives and several internet
> resources before, but I can't find a detailed answer, so I am asking ...
> I have a machine running SLES7 (fully updated), which has only one ethernet
> interface (eth0). The machine is running SAP and Oracle and I want to
> ensure that only some IP addresses can connect to SAP (which is running on
> ports 3200, 3300, 4800, 3600); all other services except ssh should be
> unavailable to the local network.
If you can find a subnet for all "allowed" ip addresses this will be
very easy. E.g.
FW_TRUSTED_NETS="10.100.0.0/16,tcp,80" enables HTTP-access for every ip
within the 10.100.0.0 subnet.
> What do I want? I want to have access to SAP/Oracle from only a few IP
> addresses and all other services blocked (except ssh which should be
> public). I have tried to use SuSEfirewall without success (it won't start
> if I do not specify an external device and if I specify it, I lock myself).
A trick of not locking oneself out of the box is to add the ip-address
to the FW_TRUSTED_NETS variable ;-)
> Any suggestions?
> Thanks, Dietmar
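An added example, not part of the original messages and not SuSEfirewall's own code: a small Python model of how FW_TRUSTED_NETS entries of the form shown in the thread (net,protocol,port) select traffic, for checking a planned value before loading it. It assumes entries are whitespace-separated and that an omitted protocol or port means "any"; the client addresses and helper names are constructed for illustration.

```python
import ipaddress

SAP_PORTS = (3200, 3300, 3600, 4800)        # SAP ports named in the thread
CLIENTS = ("10.100.1.10", "10.100.1.11")    # constructed example client addresses


def build_trusted_nets(clients, ports, proto="tcp"):
    """Build an FW_TRUSTED_NETS value with one entry per client and port."""
    return " ".join(f"{c},{proto},{p}" for c in clients for p in ports)


def parse_trusted_nets(value):
    """Split an FW_TRUSTED_NETS string into (network, proto, port) rules.

    Assumed entry format: net[,protocol[,port]], entries separated by spaces.
    """
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        if len(parts) > 3:
            raise ValueError(f"too many fields in {entry!r}")
        net = ipaddress.ip_network(parts[0], strict=False)
        proto = parts[1].lower() if len(parts) > 1 else None  # None = any protocol
        port = int(parts[2]) if len(parts) > 2 else None      # None = any port
        if port is not None and not 0 < port < 65536:
            raise ValueError(f"port out of range in {entry!r}")
        rules.append((net, proto, port))
    return rules


def is_trusted(rules, src, proto, port):
    """Return True if a connection from src to proto/port matches any rule."""
    addr = ipaddress.ip_address(src)
    return any(
        addr in net and p in (None, proto) and q in (None, port)
        for net, p, q in rules
    )


if __name__ == "__main__":
    value = build_trusted_nets(CLIENTS, SAP_PORTS)
    print(f'FW_TRUSTED_NETS="{value}"')
    rules = parse_trusted_nets(value)
    for src, port in (("10.100.1.10", 3200), ("10.100.1.12", 3200), ("10.100.1.10", 80)):
        verdict = "trusted" if is_trusted(rules, src, "tcp", port) else "not trusted"
        print(f"{src} -> tcp/{port}: {verdict}")
```
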