Am 22.06.2005 13:48schrieb Philippe Vogel:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello!
Marcus Meissner schrieb:
[...]
I have opened a bugreport for these problems and we will be fixing this.
Ciao, Marcus
well - if you are working on SuSEFirewall - I found another bug/feature.
SuSE 9.2 in the Firewall-Config it says: # 10.) # Which services should be accessible from 'trusted' hosts or nets? # # Define trusted hosts or networks (doesn't matter whether they are internal or # external) and the services (tcp,udp,icmp) they are allowed to use. This can # be used instead of FW_SERVICES_* for further access restriction. Please note # that this is no replacement for authentication since IP addresses can be # spoofed. Also note that trusted hosts/nets are not allowed to ping the # firewall until you also permit icmp. # # Format: space separated list of network[,protocol[,port]] # in case of icmp, port means the icmp type # # Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22" but in SuSE 9.2 (I don't know if 9.1 also) SuSEFirewall is complaining if no protocol is given to the ip. If you want a whole access from one IP you have to write s.th. like "x.x.x.x,tcp x.x.x.x,udp x.x.x.x,icmp" etc etc... (maybe already fixed in 9.3 but I didn't get any Update for 9.2). Regards Christian