On 23/10/06 14:43, Greg Wallace wrote:
> On Monday, October 23, 2006 @ 2:38 PM, Darryl Gregorash wrote:
> > <snip>
> > Since you don't even have an internal device defined, protecting the system on the internal zone isn't even necessary.
>
> OK, I see what you're saying. So checking that box has no bearing on how the firewall works.

From what you've been saying, evidently it does. However, I have no idea what it does when there is no internal network device specified.

> I still have questions about the "Allowed Services", however. If I add HTTP CLIENT and HTTP SERVER as allowed services in the external zone, I still can't access my Apache server from an outside machine. Only if I specifically enter the ports that they serve can I access them. And if I do that, it doesn't matter if I have HTTP CLIENT and/or HTTP SERVER selected as allowed services. It just makes me wonder what the purpose of those allowed services is. Maybe there is a specific port applicable to each and I am not using that particular port. Otherwise, I don't know what the purpose of those allowed services is.

Interesting... I never use the Security/Firewall section, but instead use the sysconfig editor (or a text editor for minor changes).

The "allowed services" section seems to work for the internal zone (when the protect firewall from internal zone box is checked, of course -- if it isn't, then the internal zone is wide open), but not the external zone. I have a whole list of services the silly thing claims are open on my external zone, but they sure are not in the actual firewall. I can add a service, e.g. DHCP client, which properly adds the bootpc port to the ext_udp list, but cannot remove things like HTTP server, which I do not have, and which is definitely *not* open. Soon as I can remember my username/password at Novell I'll see about a bug report.
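An added check, not part of this thread: rather than trusting what the GUI claims is open, read what the running firewall actually accepts from an `iptables-save` dump. The chain name `input_ext` and the sample rules below are assumptions constructed for the example.

```shell
# List the TCP or UDP destination ports that an ACCEPT rule permits on the
# given input chain. Reads iptables-save style rules on stdin.
#   $1 = chain name (e.g. input_ext), $2 = protocol (tcp|udp)
accepted_ports() {
  grep -E "^-A $1 .*-p $2 .*-j ACCEPT" \
    | sed -n 's/.*--dport \([0-9]*\).*/\1/p' \
    | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample dump (assumption: chain names as used here). It mirrors
# the situation in the thread: only ports entered explicitly show up as rules,
# and a service the GUI lists as "allowed" has no matching ACCEPT at all.
SAMPLE_RULES='-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
-A input_ext -p udp -m udp --dport 68 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 443 -j DROP
-A input_int -p tcp -m tcp --dport 8080 -j ACCEPT'

# Return 0 only if an ACCEPT rule for that exact port exists on the chain.
#   $1 = chain name, $2 = protocol, $3 = port number
port_open() {
  printf '%s\n' "$SAMPLE_RULES" \
    | accepted_ports "$1" "$2" | tr ' ' '\n' | grep -qx "$3"
}

# Stand-alone run: show what the external chain really permits.
printf 'ext tcp: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | accepted_ports input_ext tcp)"
printf 'ext udp: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | accepted_ports input_ext udp)"
```

On a real host, replace the constructed dump with `iptables-save | accepted_ports input_ext tcp` and compare the result against the services the GUI reports as allowed.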