On Tuesday 26 October 2004 09:57, Janne Karhunen wrote:
Any chances SUSEFirewall2 could be set up to do egress filtering? I'd only like to allow outgoing traffic to certain ports - so is there an easy way, or do I have to set up custom rules?
Very very easy to do this.

# Which internal computers/networks are allowed to access the internet
# directly (not via proxys on the firewall)?
# Only these networks will be allowed access and will be masqueraded!
#
# Choice: leave empty or any number of hosts/networks separated by a space.
# Every host/network may get a list of allowed services, otherwise everything
# is allowed. A target network, protocol and service is appended by a comma to
# the host/network. e.g. "10.0.0.0/8" allows the whole 10.0.0.0 network with
# unrestricted access. "10.0.1.0/24,0/0,tcp,80 10.0.1.0/24,0/0,tcp,21" allows
# the 10.0.1.0 network to use www/ftp to the internet.
# "10.0.1.0/24,tcp,1024:65535 10.0.2.0/24" is OK too.
# Set this variable to "0/0" to allow unrestricted access to the internet.
#
FW_MASQ_NETS=""

So set

FW_MASQ_NETS="192.168.0.0/24,0/0,tcp,80 \
              192.168.0.0/24,0/0,tcp,443"

Or as per your requirement. The default is to have this set to "0" which allows everything through.

B
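An added example, not part of the original thread or of SuSEfirewall2: a small audit helper that parses a FW_MASQ_NETS value using only the entry forms shown in the quoted config comments and reports which source networks still get unrestricted egress. The function names and the accepted protocol list are assumptions made for this sketch.

```python
import ipaddress
from typing import NamedTuple, Optional

PROTOCOLS = {"tcp", "udp", "icmp"}  # assumption: protocol names this sketch accepts

class MasqRule(NamedTuple):
    source: str
    target: str
    proto: Optional[str]  # None: no service list, so everything is allowed
    ports: Optional[str]  # None: any port for the given protocol

def _net(text: str) -> str:
    # "0/0" is the shorthand the config comments use for "anywhere".
    if text == "0/0":
        return "0.0.0.0/0"
    return str(ipaddress.ip_network(text, strict=False))

def _ports(text: str) -> str:
    lo, _, hi = text.partition(":")  # "80" or a range such as "1024:65535"
    hi = hi or lo
    if not (lo.isdigit() and hi.isdigit() and 0 < int(lo) <= int(hi) <= 65535):
        raise ValueError(f"bad port or range: {text!r}")
    return text

def parse_masq_nets(value: str) -> list[MasqRule]:
    rules = []
    for entry in value.replace("\\\n", " ").split():
        fields = entry.split(",")
        source, rest = _net(fields[0]), fields[1:]
        target = "0.0.0.0/0"  # the target may be omitted, as in "net,tcp,1024:65535"
        if rest and rest[0].lower() not in PROTOCOLS:
            target, rest = _net(rest[0]), rest[1:]
        if not rest:
            rules.append(MasqRule(source, target, None, None))
            continue
        proto = rest[0].lower()
        if proto not in PROTOCOLS or len(rest) > 2:
            raise ValueError(f"cannot parse entry: {entry!r}")
        rules.append(MasqRule(source, target, proto,
                              _ports(rest[1]) if len(rest) == 2 else None))
    return rules

def any_service_sources(value: str) -> list[str]:
    """Sources whose entry carries no service list (egress is not filtered)."""
    return [r.source for r in parse_masq_nets(value) if r.proto is None]

if __name__ == "__main__":
    # Value suggested in the reply above.
    sample = "192.168.0.0/24,0/0,tcp,80 192.168.0.0/24,0/0,tcp,443"
    for rule in parse_masq_nets(sample):
        print(rule)
    print("unfiltered sources:", any_service_sources(sample))
```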