If one knows how, yes, it's easy. Alas, SuSE's firewall documentation is
not well documented in that aspect. Besides IPv6 problems, the firewall
itself is configured out of the box to deny nearly all network traffic,
which is not very practicable for a typical Web/LAN Server box, indeed.
This firewall even requires custom rules to allow unlimited access from
the internal network to external networks, such as the Internet, go figure.
Here's the only way how to do it with SuSE firewall:
1. Open /etc/sysconfig/scripts/SuSEfirewall2-custom in a text editor
2. Seek to the section "fw_custom_before_antispoofing()"
3. Enter your custom firewall rules. I.e., block a specific address:
iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP
Raphael Leplae wrote:
> I've setup the SuseFirewall2 on my web server, allowing access just
via http and ssh, that was very easy with the GUI.
> Now if I need to block a specific domain, let say *.123.123.123, is
there a simple way to do it in /etc/sysconfig/SuSEfirewall2 ?
> I was expecting something like:
> but nothing like that in the examples provided in
> I guess there is a simple way to do it.
> Thanks in advance.