This is only the beginning of the script. I wanted to make sure everything worked before I locked it down, that's all. -----Original Message----- From: Stefan Tichy [mailto:nobody@localhost.invalid] Sent: Tuesday, March 02, 2004 1:05 PM To: suse-security@suse.com Subject: [suse-security] Re: firewall help.. On Tue, Mar 02, 2004 at 05:51:52PM +0100, maarten van den Berg wrote:

On Tuesday 02 March 2004 17:05, Gilmore, Eric wrote:

...

Can anyone give me a clue? The basics are:

Hm... reading on I notice you don't use the Suse firewall filter. Why

not ?

The listing of iptables rules looks strange. There is an allow policy and there are lots of allow rules, but nothing is denied. There are LOG targets at the end. They will not log anything because the pakets have already been accepted. The rule specifications for POSTROUTING chain are probably uneccessary. I am not shure, because I did not really find out what you are trying to do. Maybe it is easier to use the SuSE firewall script to generate the iptables rules (that is what SuSE firewall does).

...

-afp (apple) connections from anywhere

See samba, the services are fairly similar.

In addition to the filter rules it is neccessary to allow the connection with some /etc/hosts.allow entry. -- Stefan Tichy ( s.list at pi4tel dot de ) -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here