On Tue, Apr 30, 2013 at 09:54:51AM -0500, Juan Luis Baptiste wrote:
On Tue, Apr 30, 2013 at 9:18 AM, Marcus Meissner
wrote: Why are there rules being created for the not configured interfaces, in other words, why are they being added by default to the external zone if those interfaces aren't being used, not even configured ? is there a way to avoid this ?
You can try avoiding to set a default zone using FW_ZONE_DEFAULT='no'
(default is auto)
Thanks, this worked. But just to understand, why SuSEfirewall2 does this by default ? is there any security consideration I should be aware of when changing FW_ZONE_DEFAULT to no ?
The idea is for dynamically plugged interfaces, as the other poster replied. There should not be any security issues, as the fallback for unconfigured interfaces is "DROP". Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org