Uninstall Shorewall and use SuSEfirewall2 -or-
Change /etc/rc.config to START_FW2="no" and set your parameters in Shorewall
But make a choice.....they don't both co-exist
========================================================================
tux the turtle
05/09/02 03:10 PM
Please respond to tux the turtle
To: suse-security@suse.com
cc:
Subject: [suse-security] SuSE firewall 2 - iptables-error
Hi out there;
setting up (once more) my SuSE 7.3 I got the following on boot up:
Starting Firewall Initialization: (phase 3 of 3) iptables v1.2.2: Can't use -D with -A
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.2: Can't use -D with -A
I run a small private net as shown below:
ISP <-> Desktop/Firewall <-> Laptop/Firewall
The message above is from the Desktop-PC; my firewall2.rc.config contains these:
FW_DEV_EXT="ippp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.0.0/24"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="smtp domain"
FW_SERVICES_EXT_UDP="domain"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="ssh smtp domain"
FW_SERVICES_INT_UDP="domain syslog"
FW_SERVICES_INT_IP=""
FW_TRUSTED_NETS="192.168.0.0/24"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain"
FW_SERVICE_AUTODETECT="no"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix Firewall "
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
all other unchanged
Any hint?
Besides that (and OT): I run smpppd. If it's the smpppd that disconnects my
ippp0 (capi-drv from Fritz!) the machine hangs while shutting down because of
an ippp0 usagecount != 0 (message from kernel: unregister_netdevice). Any
hints of setting a timeout or forcing unregistering?
Thanks in advance...
Tux the turtle