* J Leslie Turriff <jlturriff@mail.com> [02-02-21 21:21]:
I want to block network access for some programs. I found this suggestion
https://serverfault.com/questions/550276/how-to-block-internet-access-to-cer...
which seems to do what I want, but I can't see how to add the following rules using YaST Firewall:
iptables -A OUTPUT -m owner --gid-owner no-internet -d 192.168.1.0/24 -j ACCEPT iptables -A OUTPUT -m owner --gid-owner no-internet -d 127.0.0.0/8 -j ACCEPT iptables -A OUTPUT -m owner --gid-owner no-internet -j DROP
I haven't looked at firewall settings for a long time, and now I find that YaST Firewall doesn't seem to allow any but generic controls (and a very confusing list of zones). What's the right way to do this?
I don't know if still the way but using SuSEfirewall2, edit: /etc/sysconfig/scripts/SuSEfirewall2-custom and include FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSEfirewall2 but most are now using firewalld and installing yast2-firewall-4.3.9-1.2.noarch allows customizing examples abound on giggle -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode