Hi folks! Much much work have been put into the new version of SuSEfirewall-1.9. This will be (hopefully) the last beta before the official v2.0 rpm update. So please, everyone who has got time and pleasure, check this beast out. You'll have to re-edit the rc.firewall, because variable names were changed. You can find it at http://www.suse.de/~marc (might take some hours until it's available on the webserver) Local SuSE guys can find the package at ~marc/public/SuSEfirewall-1.9.tar.gz What has changed? Many things: CHANGES v1.9 24.01.00 (beta version) * If an error occurs, firewall rules will be reset now! (plus msg print) * Added support for a DMZ in rc.firewall (FW_DEV_DMZ, FW_ALLOW_PING_DMZ) * Restructured rc.firewall and renamed some variables !!! * Moved code from "firewall" to "SuSEfirewall close" * Cleaned up the "firewall" init.d script * Removed empty lines in the error output * Now aliased interfaces should be supported ("eth0:1"). Please test. * Plugged a hole where FW_LOCALNETS could access any port on the firewall from the internal network even if they should not. * New file: EXAMPLES - shows example setup and configurations! * New file: HOLES - these "vulnerabilities" exist when using this tool * New executable: openports - checks which ports are accessible, provided by Andi Kleen <ak@suse.de> - thanks! * New option "SuSEfirewall -h" which shows commandline options * New option "SuSEfirewall check" which runs openports queries. * Now first rc.config will be loaded, then rc.firewall, to prevent problems for people who have the old "firewall.rpm" installed. * Karl <ke@suse.de> did a spell check on the german and english textfile. Big, big thanks! Greets, Marc -- Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: marc@suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka" Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C