i got this news today and i tried to install the
firewall v1.4. I used "rpm -U firewals.rpm" as
you have recommended but i got this error:
faild dependencies: firewall conflicts with fct-1.1.0-61.
What is wrong ? I hve Suse V6.3.
just do:
rpm -e fct
which will remove the buggy and shitty fct package.
then install the update.
Greets,
Marc
-----Original Message-----
From: Marc Heuse [mailto:marc@suse.de]
Sent: Sunday, December 19, 1999 1:39 PM
To: security@okdesign.de
Cc: suse-security@suse.com
Subject: [suse-security] msq bei SuSE6.3 (fwd)
Hi,
please, everyone who uses or wants to use the SuSE firewall script, please
update to at least v1.4, which rpm is available on the ftp site.
(if you feel like beta testing, v1.5 is available as .tar.gz file from
http://www.suse.de/~marc)
before doing an update "rpm -U firewals.rpm", please execute the following
command:
"mv /etc/rc.firewall /etc/rc.firewall.orig"
and reconfigure the firewall after installing the update.
I recently installed the new SuSE 6.3 and since then I try to enable
masquerading. Unfortunately without effort.
the package builder forgot to create the start scripts in rc2.d, so the
firewall scripts can not be started during boot ... :-(
v1.4 also has got more masquerading features.
Everything is documented in the rc.firewall file.
(I pasted below my signature the CHANGE file of the SuSE firewall script
since the version which is on the CD. current beta is v1.5, the version on
the update ftp rpm is v1.4)
Greets,
Marc
--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
v1.5 16.12.99 (beta version)
* Changed the firewall setup during bootup, now there are three
parts:
1) Filters everything incoming, just allows dhcp replies.
This is done before interface setup.
2) Setup the filters,
This is done after interface and routing setup
3) Final setup of the filters. This is only necessary, if
either FW_SERVICE_DNS or the FW_AUTOPROTECT features
are used.
This is done as the last step of runlevel 2 (or 3)
This fixes some problems an adds even more security through bootup
* Added FW_SERVICE_DHCLIENT in rc.firewall for dhclient users
* Fixed some typos (thanks Fabian)
v1.4 26.11.99 (gamma version) -> SuSE update
* Added some text to rc.firewall to help understanding the
configuration options
v1.3 18.11.99 (beta version)
! SuSEfirewall, which rpm name is "firewals" was incorrectly build
for SuSE 6.3 - the start scripts in rc2.d are missing :-(
* Added "SuSEfirewall stop" option, which will disable the firewall
* Added new options to load rules anyway if the interface is not
active. Requires static IP addresses of course.
Check out FW_DEV_{WORLD,INT}_[device] examples in rc.firewall
* Added support for defining a masquerading interface and masq
modules
* Added special support for DNS (new question 14 inserted, set
FW_SERVICE_DNS to "yes", if you are running named.)
* Disallowing 0/0 in FW_LOCALNETS
* Fixed some more mixed up log_deny and log_accept definitions
* Added online kernel config for reassambling of fragmented packets
* Fixed two warning messages when ip_forwarding was of (FW_ROUTE=no)
* Added adaptions for SuSE 6.3 introduced by the package maintainer
:-)
* Added the GNU GPL licence file to the package
* Misc. beauty stuff
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
--
Greets,
Marc
--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de Function: Security Support & Auditing
"lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
marc@suse.de