Pupeno wrote:
Which is the standard way in SuSE to configure a firewall without using SuSEfirewall, just plain iptables, or how can I do it (I don't wanna do a dirty script and put it anywhere and run it at any time). Thank you. Carpe diem!
A good start is the following script, hope that's OK for you :)

#!/bin/sh
IPTABLES="/usr/sbin/iptables"
WORLDDEV="ppp0"

# connection tracking for ftp (modprobe resolves the module by name)
modprobe ip_conntrack_ftp

# create and flush mychain
$IPTABLES -N mychain
$IPTABLES -F mychain

# stateful filtering
$IPTABLES -A mychain -m state --state ESTABLISHED,RELATED -j ACCEPT

# new connections can come local or internal, but not from outside
$IPTABLES -A mychain -m state --state NEW ! -i "$WORLDDEV" -j ACCEPT

# if you want logging, uncomment this line. It logs with the prefix Firewall:
#$IPTABLES -A mychain -j LOG --log-prefix "Firewall: "

# we want to reject/drop all other packets
# (appended to mychain; a chain named "default" is never created)
$IPTABLES -A mychain -j REJECT

# all packets incoming or forwarded go to mychain
$IPTABLES -A INPUT -j mychain
$IPTABLES -A FORWARD -j mychain

--
intraDAT AG http://www.intradat.com
Wilhelm Leuschner Strasse 9-11, 60329 Frankfurt
Tel: +49-69-25629-0 Fax: +49-69-25629-256
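
Added example, not part of the original mail or the poster's script: the same rule set written in iptables-restore format, so it is checked with `iptables-restore --test` and then loaded in one step instead of rule by rule. The function names `gen_rules` and `apply_rules` are made up for this example; `ppp0` and `mychain` are taken from the script above.

```sh
#!/bin/sh
# Added example; gen_rules/apply_rules are hypothetical names.

# Print the filter table in iptables-restore format for the given
# outside ("world") interface, e.g. ppp0.
gen_rules() {
    dev=$1
    # Accept only a plain interface name, so the value cannot smuggle
    # extra options or extra lines into the generated rule set.
    case $dev in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $dev" >&2; return 1 ;;
    esac
    [ "${#dev}" -le 15 ] || { echo "interface name too long" >&2; return 1; }

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:mychain - [0:0]
-A mychain -m state --state ESTABLISHED,RELATED -j ACCEPT
-A mychain -m state --state NEW ! -i $dev -j ACCEPT
-A mychain -j REJECT
-A INPUT -j mychain
-A FORWARD -j mychain
COMMIT
EOF
}

# Validate first, then load. iptables-restore replaces the whole filter
# table at COMMIT, so re-running this never leaves a half-built chain.
apply_rules() {
    rules=$(gen_rules "$1") || return 1
    # Dry run: parse and check the rule set without committing it
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Run as root, e.g. "sh thisfile apply ppp0"; without "apply" nothing is loaded.
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-ppp0}"
fi
```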