On Sun, 2003-02-09 at 18:13, T. Ermlich wrote:
> Hi again,
> maybe I'm too stupid ....... but isn't there a difference between
> protocols? I thought I understood iptables, but your reply shows me I didn't.
> Here's an example:
>
>   /usr/sbin/iptables -A INPUT -s 192.168.0.25 -d 64.65.66.67 -p udp --dport 500 -j ACCEPT
>   /usr/sbin/iptables -A INPUT -s 192.168.0.25 -d 64.65.66.67 -p 50 -j ACCEPT
>
> Line 1 is related to udp port 500, while line 2 is related to protocol
> ports & 50.
> Or am I totally wrong?????

Nope, you're right. Ports are not protocols. But again, everything is there.
Protocol 50 (and 51) are used for most ipsec compliant encryption packages.
I.E. M$ boxes will typically use:

  IPSec:
    ISAKMP   UDP 500
    ESP      IP Protocol 50
    AH       IP Protocol 51

[sniped from /etc/sysconfig/SuSEfirewall2]

  # For IP protocols (like GRE for PPTP, or OSPF for routing) you need to set
  # FW_SERVICES_*_IP with the protocol name or number (see /etc/protocols)

[sniped from /etc/protocols]

  #ipv6-crypt   50   IPv6-Crypt   # Encryption Header for IPv6
  #ipv6-auth    51   IPv6-Auth    # Authentication Header for IPv6

[snips]

Well, all you need is to edit /etc/sysconfig/SuSEfirewall, go to line ~ 259
if you want to allow those protocols and:

  # For VPN/Routing which END at the firewall!!
  FW_SERVICES_EXT_IP="50 51 (or enter protocol name)"

You're done.

--
"The Man, he is not; he becomes." - NEHER.
e-SecureNet - We Run SuSE - *The LINUX Experts*
Project Manager c/o Miguel Albuquerque
Av. Miremont 46, 1202 - GE, SWITZERLAND
NATEL 079 543 1935
http://counter.li.org Linux user #301007
mailto:mfoacs@e-workshop.ch
http://mfoacs.e-workshop.ch
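As an added example (not from either poster), a small POSIX shell helper that turns firewall service entries into the iptables INPUT rules the thread compares, enforcing the distinction it turns on: ESP (50) and AH (51) are IP protocols and take no --dport, while ISAKMP is UDP port 500. The protocol lookup table is a constructed stand-in for /etc/protocols, the "udp:500" entry form is this helper's own convention rather than SuSEfirewall2 syntax, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Print iptables INPUT rules for IPsec traffic that terminates at the firewall.
# Bare entries (esp, ah, 50, 51) are IP protocols: "-p <number>" and NO port.
# "udp:500" / "tcp:NNN" entries are transport services and get "--dport".

# Constructed lookup table standing in for /etc/protocols (assumption).
proto_number() {
    case "$1" in
        esp|ESP|50) echo 50 ;;   # Encapsulating Security Payload
        ah|AH|51)   echo 51 ;;   # Authentication Header
        gre|GRE|47) echo 47 ;;   # GRE, e.g. for PPTP
        *) return 1 ;;
    esac
}

# fw_rule SRC DST ENTRY -> prints one iptables command, or fails on a bad entry
fw_rule() {
    src=$1 dst=$2 entry=$3
    case "$entry" in
        udp:*|tcp:*)
            l4=${entry%%:*} port=${entry#*:}
            echo "iptables -A INPUT -s $src -d $dst -p $l4 --dport $port -j ACCEPT" ;;
        *:*)
            # Something like "esp:500": ESP/AH carry no port numbers at all.
            echo "error: only tcp/udp carry ports, '$entry' has none" >&2
            return 1 ;;
        *)
            num=$(proto_number "$entry") || {
                echo "error: unknown protocol '$entry'" >&2; return 1; }
            echo "iptables -A INPUT -s $src -d $dst -p $num -j ACCEPT" ;;
    esac
}

# ipsec_rules SRC DST ENTRY... -> one rule per entry, stops at the first bad one
ipsec_rules() {
    src=$1 dst=$2
    shift 2
    for e in "$@"; do
        fw_rule "$src" "$dst" "$e" || return 1
    done
}

# Same peer/firewall addresses as the thread's example rules
ipsec_rules 192.168.0.25 64.65.66.67 udp:500 esp ah
```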