Hello!

Marcus Meissner wrote:
On Tue, Jun 21, 2005 at 06:45:14PM +0200, Jürgen Mell wrote:
Hi List,
On Tuesday 21 June 2005 14:38, Frank Stuehmer wrote:
Hi list,
just tried to use a freshly installed SuSE 9.3 updated with YOU.
SuSEfirewall2-3.3-18.2
/etc/sysconfig/SuSEfirewall2 with FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
Start FW complains, four lines "iptables: No chain/target/match by that name"
Reasons are in /sbin/SuSEfirewall lines 1460 and 1469:
    for CHAIN in $input_zones; do
--> chain=input_$chain
should be "CHAIN=input_$CHAIN".
Frank Stuehmer
There is another typo in line 1629 (the line-wrapping is done by kmail - originally this is one long line)
$LAA $IPTABLES -A $chain -d $net1 $snet2 $proto $rport -i $dev -j LOG \ ${LOG}"-`rulelog $CHAIN`-ACC-MASQ " -m state --state ESTABLISHED,RELATED
should probably read
$LAA $IPTABLES -A $chain -d $net1 $snet2 $proto $rport -i $dev -j LOG \ ${LOG}"-`rulelog $chain`-ACC-MASQ " -m state --state ESTABLISHED,RELATED
I have opened a bug report for these problems and we will be fixing this.
Ciao, Marcus
There is another bug (no real bug, but useless chains): if I have a web server and don't use the SuSE box as a router but only as a firewall for the web server, or whatever single-NIC server, you get unnecessary chains: forward and DMZ rules. If you don't need DMZ rules, there is no specific rule to not set them up. For that purpose I rewrote it to be kind of more suitable for me.

The next thing is that I set up special rulesets for myself:
block internal (machines with no access to the internet, e.g. print server)
block external (machines which do malicious stuff, standard block groups, etc.)

It would be a nice feature to implement that.

Regards
Philippe