On 10/29/2012 12:59 AM, Togan Muftuoglu wrote:
On 10/28/2012 08:36 PM, Marc Chamberlin wrote:
Thanks Togan, nice way to strip out comments! I have posted the SuSEfirewall2 configuration to
and left the default expiration at 1 week. Hopefully someone can find something interesting that I have overlooked!

Ok, first tighten up your config a bit and remove "any" from the DEV_EXT so it looks like
FW_DEV_EXT="eth0"

When you have FW_PROTECT_FROM_INT="no" then you do not need to specify FW_SERVICES_INT_TCP and FW_SERVICES_INT_UDP, so you may want to remove them. The best way during testing is to comment them out and add empty versions of them with an empty line after the variable, i.e.
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
For testing purposes also make the following changes:
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_ALL="yes"
These will cause lots of logging, so once you are done with the testing revert them back to their default "no".

So for testing, once the above is corrected, with root privileges:
/sbin/SuSEfirewall2 start

Begin trying to use your application and send the relevant part of the logs, i.e. if the service is unreachable then find the log entries which are dropped and send them, or use susepaste.org, in which case send the paste id.
Togan

Thanks for the good suggestions Togan, on how to improve SuSEFirewall2! Much appreciated.

I made the changes you suggested, then restarted the firewall, and tried to ping devices on my external network, from inside my internal network. No joy. I did a tail -f /var/log/firewall and posted the output to http://susepast.org/34186a92 but I don't think much of relevance really got logged. Perhaps you will see something I don't. I can try and do it a few more times; the output is different each time and I suspect mostly from other systems on my internal network communicating with the internet.

Marc..

--
"The Truth is out there" - Spooky
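
One way to pull the dropped entries out of a noisy /var/log/firewall once FW_LOG_DROP_ALL and FW_LOG_ACCEPT_ALL are on, as an added example that is not part of either poster's message. The function names, the internal interface eth1, the addresses and the sample log lines are constructed, and the "SFW2-...DROP" prefix format is an assumption about how the entries look.

```shell
#!/bin/sh
# Added example, not from the thread: count dropped packets per flow.
# Assumption: each entry is an iptables LOG line whose prefix token starts
# with "SFW2-" and contains "DROP", followed by KEY=VALUE fields.
summarize_drops() {
    LC_ALL=C awk '
    function val(s, n,   v) { v = substr(s, n); return (v == "") ? "-" : v }
    {
        prefix = ""; iif = oif = src = dst = proto = port = "-"
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SFW2-.*DROP/) prefix = $i
            else if ($i ~ /^IN=/)    iif   = val($i, 4)
            else if ($i ~ /^OUT=/)   oif   = val($i, 5)
            else if ($i ~ /^SRC=/)   src   = val($i, 5)
            else if ($i ~ /^DST=/)   dst   = val($i, 5)
            else if ($i ~ /^PROTO=/) proto = val($i, 7)
            else if ($i ~ /^DPT=/)   port  = val($i, 5)
            else if ($i ~ /^TYPE=/)  port  = "type" val($i, 6)  # ICMP has no port
        }
        if (prefix == "") next      # accepted or unrelated line: skip it
        count[prefix " " iif "->" oif " " src " -> " dst " " proto "/" port]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (not real log data from the thread).
sample_log() {
cat <<'EOF'
Oct 29 09:01:11 gw kernel: [ 812.101] SFW2-FWDint-DROP-DEFLT IN=eth1 OUT=eth0 SRC=192.168.10.5 DST=192.168.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4411 SEQ=1
Oct 29 09:01:12 gw kernel: [ 813.102] SFW2-FWDint-DROP-DEFLT IN=eth1 OUT=eth0 SRC=192.168.10.5 DST=192.168.2.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4411 SEQ=2
Oct 29 09:01:13 gw kernel: [ 814.500] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.168.2.1 LEN=60 TTL=52 ID=100 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
Oct 29 09:01:14 gw kernel: [ 815.000] SFW2-FWDint-ACC-ALL IN=eth1 OUT=eth0 SRC=192.168.10.7 DST=198.51.100.4 LEN=60 TTL=63 ID=200 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=5840 SYN
EOF
}

# On the firewall host: summarize_drops < /var/log/firewall
sample_log | summarize_drops
```

Each output line is a count followed by prefix, interfaces, source, destination and protocol/port, so a blocked ping from the internal to the external network stands out from the accepted traffic of other hosts.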