services from listening on the outside interface and configure the firewall to refuse connection attempts to unwanted services on the outside interface.
Actually, you should disable everything that you don't need. If this is the case, you can still limit access to open ports to addresses that you trust. If all of this is done (takes a minute), you should be fine.
I would advise that, out of the box, SuSE should not be place on the Internet with no protection. However, with a bit of configuration, SuSE can be reasonable secure on the Internet.
open ports are 22, 111, 6000. If you manage to close these ports (easy. :-), then you wouldn't even need a firewall any more. There were occasions where some filter rules have helped to work around a problem in the Linux kernel (crash bugs, if the packets indeed reached higher layers than the netfilter code), but these cases are really rare and usually do not serve as a good reason to run firewalling rules on a SUSE system. What I'd be interested in: What are the protection measures that you would put in place if you wanted to secure a SUSE system for internet use? I'm sure we know some... :-) But maybe you have some ideas that will help us to make our job better.
Regards,
-GS
Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // Nail here | SUSE Linux AG - Security Phone: // for a new | Nürnberg, Germany +49-911-740530 // monitor! --> [x] | - -