RE: [suse-security] IP alias and SuSE firewall
hi
Aliases in IPTABLES and IPCHAINS do not know aliases. There's no ippp0:0, only ippp0. You can only distinguish by ip: -i ippp0 -s 10.0.0.0/8 and -i ippp0 -s 172.16.0.0/12 or something like that.
Got no clue about SuSE firewall though, but there's no way around the alias limitation. FW_DEV_EXT="eth0 eth0:0 eth0:0:1" works (SuSEfirewall2), but SuSEfirewall2 uses IP-addresses, not interfaces - therefore it's a bit tricky with dhcp-addresses ;-)
another funny thing is the wildcard character '+':
* "iptables -A INPUT -j ACCEPT -i 'eth0:0' -d 10.100.4.216" does not work.
* "iptables -A INPUT -j ACCEPT -i 'eth0+' -d 10.100.4.216" works for eth0:0 but not for eth0 (if you have just one virtual interface)

regards, stefan
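An added example, not part of either message in this thread: since a rule cannot name an alias label such as eth0:0, this sketch turns a label into a rule on the real device plus the alias's address. The function names and the sample are constructed here, and the input is assumed to have the layout of `ip -o -4 addr show` output.

```shell
#!/bin/sh
# Netfilter only sees the real device (eth0), never a label such as eth0:0,
# so a rule meant for an alias has to match on the alias's address instead.

# Constructed sample in the layout of `ip -o -4 addr show` (assumed format).
# 10.100.4.216 is the address used in the thread; the others are made up.
sample_addrs() {
cat <<'EOF'
2: eth0    inet 10.100.4.215/24 brd 10.100.4.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 10.100.4.216/24 brd 10.100.4.255 scope global secondary eth0:0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1\       valid_lft forever preferred_lft forever
EOF
}

# rule_for_label LABEL (hypothetical helper): reads address lines on stdin and
# prints an iptables rule for the real device and the label's address.
# The rule is only printed, never applied. Returns 1 if the label is absent.
rule_for_label() {
    awk -v want="$1" '
        {
            dev = $2; addr = ""; label = ""
            for (i = 3; i <= NF; i++) {
                # address follows the "inet" keyword; drop the prefix length
                if ($i == "inet") { addr = $(i + 1); sub(/\/.*/, "", addr) }
                # the label is the field that ends in a backslash
                if ($i ~ /\\$/) { label = $i; sub(/\\$/, "", label) }
            }
            if (label == want && addr != "") {
                printf "iptables -A INPUT -i %s -d %s -j ACCEPT\n", dev, addr
                found = 1
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Stand-alone run: show the rule that replaces "-i eth0:0".
sample_addrs | rule_for_label eth0:0
```

With addresses handed out by DHCP, the generated rule has to be regenerated whenever the lease changes, which is the difficulty mentioned above.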
hi,
I have the following setup on ipchains (simplified)

step 1: Set all policies to deny
ipchains -A input -i ! lo -j DENY
ipchains -A output -i ! lo -j DENY
step 2: Allow whatever else.
ipchains -A input ...... ACCEPT
step 3: Add the following line (to reject everything else):
ipchains -A input -j REJECT
step 4: Restore default policies

The problem is with step 3. After I run the script, I type in "ipchains -L" which takes forever to execute. The same when I try to connect to my box. Now I suspect that it might be doing reverse lookups on the dns. Am I right or is there something wrong with my assumption of ipchains?

thanks to anyone who can help
rgds
participants (2)
- Peer Stefan
- Terence