Philippe Vogel wrote:
To restart it has shown to do so:
/etc/init.d/SuSEfirewall2 stop && /etc/init.d/SuSEfirewall2 start
That opens your machine to the world for a moment as stopping the firewall removes all filter rules and sets the policy to accept. Only for a small amount of time and with a secure system it is not a
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ludwig Nussel schrieb: problem. Mention: A secure system only opens a limited amount of ports - A System not opening ports doesn't need a firewall and is as secure as the user of this system. Not using a virus scanner is not a risk if you know what you do and you use a "non victimizable" os (don't answer to this as this is a kind of philosophy for some persons)!
instead of:
/etc/init.d/SuSEfirewall2 restart
A simple restart sometimes doesn't work from my experience (some chains still remain)!
Huh? Please open a bug report if that's reproducible.
cu Ludwig This is reproducible but not in all cases SuSEfirewall2 shows this behaviour.
The next thing in mind is that all DMZ-chains get initialized without having a DMZ so I customized the script a bit without the DMZ-chains (without uneccessary chains - and there are a lot even remaining - the script runs faster). Another thing would be customizable QoS-chains which I always edit for some services not listed there. Regards Philippe - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQD1AwUBRVdbJkNg1DRVIGjBAQIyYQb/SvomhQHibhDvpGhUtikFOFc4TgwQz7GL ylpN0hre5tHJuI26hKSPIeNZx1CN689pyQQocxJM7m5/QSaILHkqyp0Ho1DksBVs 9e3yoZ6ufG3fqHCPPhIw4ioHT51ugka54BVPSJqlrVZrf0vMH8caUCiPs3blnEGp tPYTrgPYXos4pElOJlIxe1R/MmIBR2Lug4nfoWLlC5YgEBL4Gm3/VFwhEZ8KMhPI yf3Z8Qw1+urAmqVjSZoNEKF0CnGzjzXpA+TzmCwUvPV9QVU9TeTF5aeHIOy2IAOD XG0C8WHFBpE= =Dnp9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org