On Fri, Oct 03, 2003 at 08:59:46PM -0400, Rafael E. Herrera wrote:
Hello,
I would like to be able to have a machine that allows remote connections through SSH. It should also accept traffic through 15 UDP ports.
The SSH and 15 UDP ports traffic should be limited to two subnets: in the example below, they are 12.203.150.0/24 and 12.203.162.0/26. All other traffic should be rejected.
The machine will not act as a router, I just want to use SuSEfirewall2 as a personal firewall. I only have one network card.
Will the configuration file below satisfy the requirements I've stated?
I suspect I'm allowing anybody to connect using ssh by setting FW_SERVICES_EXT_TCP, is that correct?
Yes, you are right. You have to use FW_TRUSTED_NETS if you want to allow access from those nets only.
I'd appreciate any suggestion.
Rafael
--------------------------
FW_QUICKMODE="no"
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_ROUTE="no"
FW_MASQUERADE="no"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS=""
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP="40001:40015"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS="12.203.150.0/24 12.203.162.0/26"
FW_TRUSTED_NETS="12.203.150.0/24,tcp,ssh 12.203.162.0/26,tcp,ssh 12.203.150.0/24,udp,40001:40015 12.203.162.0/26,udp,40001:40015"
Regards,
-Kastus
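The difference Kastus points out, as an added illustration that is not part of the thread and not SuSEfirewall2's own code: a small policy model in which FW_SERVICES_EXT_TCP/UDP open a port to every source on the external interface, while FW_TRUSTED_NETS entries of the form net,proto,port open it only to the listed network. The service-name table and the outside address 203.0.113.5 are constructed for the example.

```python
import ipaddress

# Constructed lookup standing in for /etc/services; only ssh is needed here.
SERVICE_PORTS = {"ssh": 22}

def parse_ports(spec):
    """'ssh' -> (22, 22); '40001:40015' -> (40001, 40015)."""
    if spec in SERVICE_PORTS:
        return SERVICE_PORTS[spec], SERVICE_PORTS[spec]
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)

def parse_trusted_nets(value):
    """FW_TRUSTED_NETS 'net[,proto[,port]]' entries -> (network, proto, (lo, hi))."""
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        net = ipaddress.ip_network(parts[0])
        proto = parts[1] if len(parts) > 1 else None          # None: any protocol
        ports = parse_ports(parts[2]) if len(parts) > 2 else (1, 65535)
        rules.append((net, proto, ports))
    return rules

def allowed(config, src, proto, port):
    """Model: is a packet from src to proto/port accepted on the external interface?"""
    # FW_SERVICES_EXT_TCP/UDP open the port to every source address.
    for spec in config.get("FW_SERVICES_EXT_" + proto.upper(), "").split():
        lo, hi = parse_ports(spec)
        if lo <= port <= hi:
            return True
    # FW_TRUSTED_NETS entries open it only to sources inside the listed network.
    src_ip = ipaddress.ip_address(src)
    for net, rproto, (lo, hi) in parse_trusted_nets(config.get("FW_TRUSTED_NETS", "")):
        if src_ip in net and rproto in (None, proto) and lo <= port <= hi:
            return True
    return False

# Constructed configs: the thread's original and Kastus's corrected settings.
ORIGINAL = {"FW_SERVICES_EXT_TCP": "ssh", "FW_SERVICES_EXT_UDP": "40001:40015",
            "FW_TRUSTED_NETS": "12.203.150.0/24 12.203.162.0/26"}
CORRECTED = {"FW_SERVICES_EXT_TCP": "", "FW_SERVICES_EXT_UDP": "",
             "FW_TRUSTED_NETS": "12.203.150.0/24,tcp,ssh 12.203.162.0/26,tcp,ssh "
                                "12.203.150.0/24,udp,40001:40015 12.203.162.0/26,udp,40001:40015"}

if __name__ == "__main__":
    # 203.0.113.5 is a constructed address outside both trusted subnets.
    print("ssh from outside, original :", allowed(ORIGINAL, "203.0.113.5", "tcp", 22))
    print("ssh from outside, corrected:", allowed(CORRECTED, "203.0.113.5", "tcp", 22))
```

Under the original settings the model accepts SSH from any address; under the corrected ones only the two subnets reach SSH and UDP 40001:40015, which is the behaviour Rafael asked for.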