Hi folks, please take a note of the following information about the firewals/SuSEfirewall package: Current stable version is v2.1 which is available as an update rpm for 6.3 and 6.4 from the usual FTP servers. If you upgrade from 6.3 or the v1.4 update please note that you can't keep/use your old config file, because some variables were renamed and several features were added. Also the config file location has changed from /etc/rc.firewall to /etc/rc.config.d/firewall.rc.config ! Updating is recommended, however if everything works for you and you don't needed the extended options, you don't need to. A NEW BETA IS AVAILABLE! The current beta version is v2.3, which is available from http://www.suse.de/~marc Please note that several new features were added since v2.1 so it should be tested as much as possible. Everything added works for me, but please send an email if you use the beta and tell me if everything works for you or not! It is currently not planned to add more features, so testing is needed to get to another stable version. The following CHANGES were done to the 2.3: v2.3 15.04.00 * Added service restriction to the masquerading to e.g. allow internal machine only to port 80. This is also done via FW_MASQ_NETS - there is now an extended syntax available! old (and still valid): "10.0.0.0/8" new (extended syntax): "10.0.0.0/8,tcp,80" allows web only. etc. * Changed the ipmasqadm -I statements to -A because the original way did not work for some people. weird. please test. * Put more example configs to the EXAMPLES file * Beautified and enhanced the INSTALL script a bit v2.2 06.04.00 (alpha version) * Added the long awaited FW_SERVICE_SAMBA support! * Added FW_FORWARD_MASQ_{TCP,UDP} so people can make their webservers on the internal, masqueraded nets available to the internet. * Now masquerading timeouts are set * NOTE: changed the preconfigured value of FW_ALLOW_INCOMING_HIGHPORTS_{TCP,UDP} to "yes" * Renamed the file HOLES to PROBLEMS * Fixed some few typos Greets, Marc -- Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: marc@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C