Hi David,
I don't see anywhere in YaST where I can configure the SuSE firewall to limit connections to a port to a subnet as well. Is this possible in the GUI?
So, for example, I want to limit who can ssh to a machine to 3 subnets, can I do something like:
port 23 host allow 129.219.0.0/32 ?
--> I don't know about the GUI but in the SuSEfirewall configuration file /etc/sysconfig/SuSEfirewall2 there is a variable called "FW_TRUSTED_NETS" where you can put

    FW_TRUSTED_NETS="129.219.1.0/24,tcp,22 129.219.2.0/24,tcp,22"

or something like this depending on your subnets.

Additionally, you should use /etc/hosts.allow to restrict the access to the sshd daemon via the tcpwrapper mechanism.

By the way, the port for SSH is 22. Port 23 is used by TELNET (which you really don't want to allow).

HTH,
Armin

--
Am Hasenberg 26            office: Institut für Atmosphärenphysik
D-18209 Bad Doberan        Schloss-Straße 6
Tel. ++49-(0)38203/42137   D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de   Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/   Fax. +49-(0)38293-68-50
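
An added example, not part of Armin's message and not SuSEfirewall2 code: a small Python check for a FW_TRUSTED_NETS value that flags the two slips in the question (a /32 mask where a subnet was meant, port 23 instead of 22) and derives matching tcpwrapper lines for /etc/hosts.allow. The function names and the sample string are constructed for illustration, and it assumes each entry has the net[,protocol[,port]] form with a single numeric port.

```python
import ipaddress

# Constructed sample: the value from the reply plus the asker's original idea
# (port 23, /32 mask) written in the same net,proto,port form.
SAMPLE = "129.219.1.0/24,tcp,22 129.219.2.0/24,tcp,22 129.219.0.0/32,tcp,23"

def check_trusted_nets(value):
    """Return (entries, warnings) for a FW_TRUSTED_NETS-style string."""
    entries, warnings = [], []
    for item in value.split():
        parts = item.split(",")
        proto = parts[1] if len(parts) > 1 else None
        port = parts[2] if len(parts) > 2 else None
        try:
            # strict=True rejects networks with host bits set (e.g. 10.0.0.5/24)
            net = ipaddress.ip_network(parts[0], strict=True)
        except ValueError as exc:
            warnings.append(f"{item}: bad network ({exc})")
            continue
        if proto not in (None, "tcp", "udp", "icmp"):
            warnings.append(f"{item}: unknown protocol {proto!r}")
            continue
        if port is not None and not (port.isdigit() and 1 <= int(port) <= 65535):
            warnings.append(f"{item}: bad port {port!r}")
            continue
        if net.prefixlen == net.max_prefixlen:
            warnings.append(f"{item}: /{net.prefixlen} matches one host, not a subnet")
        if proto == "tcp" and port == "23":
            warnings.append(f"{item}: port 23 is TELNET; SSH listens on 22")
        entries.append((net, proto, port))
    return entries, warnings

def hosts_allow_lines(entries, daemon="sshd", port="22"):
    """tcpwrapper rules in net/netmask form for entries that open the SSH port."""
    return [f"{daemon} : {net.network_address}/{net.netmask}"
            for net, proto, p in entries if proto == "tcp" and p == port]

if __name__ == "__main__":
    parsed, problems = check_trusted_nets(SAMPLE)
    for line in problems:
        print("WARNING:", line)
    print("# /etc/hosts.allow")
    print("\n".join(hosts_allow_lines(parsed)))
```

The generated allow lines only restrict access if /etc/hosts.deny also denies sshd for everyone else (for example `sshd : ALL`).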