Hi List,

I agree that this topic has turned into something that does not belong here. I have _very_ good results with SuSEfirewall, and I think it has helped many people a lot. Still, if somebody is not comfortable with it, then just dump it and install something else - that's Linux. But try at least to find some docs (and there are docs) before you decide to start flaming a tool that includes lots of work and effort. And please don't use this list for this kind of discussion.

In any case, good luck with whatever you try to achieve.

Peter

-----Original Message-----
From: Philippe Vogel [mailto:filiaap@freenet.de]
Sent: Mittwoch, 8. Januar 2003 09:10
To: suse-security@suse.com
Subject: Re: [suse-security] Urgggggg!!! SuSEFirewall2 is getting on my nerves!!!!!

--- what a title :-)

> first of all, i absolutely understand all of your grief (well most of it), i've been through much of the same. came to the point of contemplating suicide, feeling too stupid to get such a small thing to work etc....

Hm, maybe I got some more time to read some manuals. First of all you should read the files in /usr/share/doc/packages/<Package>. If there is nothing, then look in the support database @ SuSE or the unofficial SuSE FAQ. If there is no hint, try e.g. www.google.de/linux (for Germany; others use their suffix) and use simple expressions for your search. Most solutions are in English, so filter the search list to only English and your native language.

> so then i disabled susefirewall, i personally think it sucks.

Hm, wasn't this list some kind of security related? If you are using Linux there is no clickediclick mouse drag and drop like in teletubby world. And you think "I got XP and my personal firewall", but wasn't there a server you use for routing?

The SuSEfirewall is very well documented in the config file, and in each section there is something saying what or how something is to be done. Most questions asked on this list are already answered inside the config file, within the remarks to each section. Probably with a modem it is unfortunately that your system will get hacked. If you wanna use Kazaa or something like that you will need port forwarding to your Win OS box (e.g. the SuSEfirewall provides this). To get minimum security you should use the personal firewall from SuSE to prevent incoming connections with connection tracking (new, related, established). The new version for 8.1 (the updated one) should work for 7.3 as well and has some nice features, e.g. a simple setup.

What most postings show is that there is only a small amount of information given for beginners on how the SuSEfirewall1/2 works - for a simple workstation it is no problem to set up.

For routers you got to:

- enable forwarding in firewall or manually set the option (echo 1 > /proc/sys/net/ipv4/ip_forward)
- write a routing table
- configure internal network to use router as default gateway (and use public ip's like 192.168.0.x)
- enable masquerading

Due to the functionality of ipchains/iptables it is slightly different to Windows firewall systems. Port forwarding, connection tracking, chaining and DMZ are some features that are missing in most Windows firewalls, because most of them are "personal" ones. There should be some extra info on that in a small FAQ in /usr/share/doc/packages/SuSEfirewall(2) - unfortunately the info should be read as well!

> is susefirewall2 so much different to susefirewall?

Hm, not at all! Only SuSEfirewall is for 2.2.x kernel/ipchains and SuSEfirewall2 for 2.4.x kernel/iptables. I personally like more recent iptables, so I don't use the ones provided with 7.3 and compile them on my own, including the kernel.

Philippe
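
The router checklist in the quoted message can be checked against a saved ruleset. The script below is an added example, not part of the original thread or of SuSEfirewall: it audits an `iptables-save` dump for masquerading bound to the external interface, a default-deny FORWARD policy and a connection-tracking accept rule. The function name `audit_router`, the interfaces `ppp0`/`eth0` and both sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump against the router checklist from the thread.
# usage: audit_router <ip_forward value> <external interface> < dump
audit_router() {
    fwd=$1; ext=$2; rc=0
    rules=$(cat)
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
    [ "$fwd" = 1 ] || { echo "FAIL: ip_forward is not 1"; rc=1; }
    # Masquerading should be tied to the external interface only.
    has "^-A POSTROUTING (.* )?-o $ext (.* )?-j MASQUERADE" ||
        { echo "FAIL: no MASQUERADE rule bound to $ext"; rc=1; }
    # A box that forwards packets should still deny by default.
    has '^:FORWARD DROP' || { echo "FAIL: FORWARD policy is not DROP"; rc=1; }
    # Replies are let back in by connection tracking (state or conntrack match).
    has '^-A FORWARD .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT' ||
        { echo "FAIL: no ESTABLISHED,RELATED accept in FORWARD"; rc=1; }
    return $rc
}

# Constructed sample: modem uplink on ppp0, LAN 192.168.0.0/24 on eth0.
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth0 -o ppp0 -m state --state NEW -j ACCEPT
COMMIT'

# Constructed sample: masquerades on every interface and forwards everything.
BAD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

printf '%s\n' "$GOOD_RULES" | audit_router 1 ppp0 && echo "good ruleset passes"
printf '%s\n' "$BAD_RULES" | audit_router 1 ppp0 || echo "weak ruleset rejected"
```

On a live router the same function can be fed with `iptables-save | audit_router "$(cat /proc/sys/net/ipv4/ip_forward)" ppp0`, run as root.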