Hi folks,

SuSEfirewall v2.6 with no known bugs will be on the SuSE Linux 7.0 - great!

I'm already developing the tool further and implemented the following features into the 3.0 beta, which is available from www.suse.de/~marc shortly:

v3.0:
* Added FW_FORWARD_IP and FW_SERVICES_*_IP to support VPN and Routing Protocols (e.g. OSPF, or GRE for PPTP)
* Filter Config filename is now printed to syslog
* Enhanced the masquerading timeouts to a more clever value
* Added lockfile support (idea by franz@knipp.org) to prevent filter rule corruption if several SuSEfirewall instances are running

Especially the *_IP options are important to be able to use IPSEC and other VPN protocols like CIPE and PPTP. This was heavily requested :)

Please note that I see no way to implement the following feature: several people requested an option to allow free communication between interfaces of the same class (e.g. between two internal networks), but this is not possible without much work by the user, because there is no way to configure this with ipchains. You'd have to know all networks reachable behind that adapter, something which is not possible to do automatically. so my configure work so in my opinion the FW_FORWARD_* (especially the new _IP) are the easiest solution.

Comments/Ideas welcome!

Greets,
Marc

--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de
Function: Security Support & Auditing
PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
Private: http://www.suse.de/~marc
SuSE: http://www.suse.de/security