Hi,

in earlier versions of SuSEfirewall there was a parameter FW_ALLOW_FW_TRACEROUTE. In version 3.3 there isn't. I could use FW_ALLOW_INCOMING_HIGHPORTS_UDP but it's deprecated. How may I allow traceroute to the firewall?

Frank

Frank Stuehmer wrote:
> in earlier versions of SuSEfirewall there was a parameter FW_ALLOW_FW_TRACEROUTE.
> In version 3.3 there isn't. I could use FW_ALLOW_INCOMING_HIGHPORTS_UDP but it's deprecated. How may I allow traceroute to the firewall?

The feature FW_ALLOW_FW_TRACEROUTE provided is no longer needed as the OUTPUT chain doesn't DROP anything anymore. FW_ALLOW_FW_TRACEROUTE never opened the necessary udp ports to make traceroute work, you always had to do that yourself.

You do not want to use FW_ALLOW_INCOMING_HIGHPORTS_UDP though as that would open even more ports than actually required. You may use FW_SERVICES_EXT_UDP for opening the required port range.

cu
Ludwig

--
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/