Anyone really knowledgeable about susefirewall2 ? Is there a way to get ftp connection tracking for hylafax's port 4559 just by supplying files with the package? like unusual variables I can put the service definition file? and/or add a modprobe.d/foo.conf file? http://forum.zentyal.org/index.php?topic=1211.0 Basically how can I get this end result: modprobe nf_conntrack_ftp ports=4559 I maintain a HylaFAX+ package and I already include a service definition file but it only opens a single simple tcp port. hylafax+ does not have the port range limiting option that vsftpd has, so I can't handle this the way vsftpd does, by including a limited port range in the service definition file and specifying that same range in vsftpd.conf. In /etc/sysconfig/SuSEfirewall2 there is FW_SERVICES_ACCEPT_RELATED_EXT and FW_LOAD_MODULES These can be edited from yast but only via /etc/sysconfig editor, it's hardly better than hand editing the file, but it's an option. But then where can I put the module options? Normally nf_conntrack_ftp is not loaded even when vsftpd is installed and enabled because as mentioned above it's not needed for vsftpd. But it might be in use for some other ftp server, so, I can't just supply a /etc/modprobe.d/50-hylafax.conf that has the line options nf_conntrack_ftp ports=4559 That's not technically correct. If it were to exist at all it should rightly be named /etc/modprobe.d/50-nf_conntrack_ftp.conf and it should contain nothing but comments or nf_conntrack_ftp ports=21 or nf_conntrack_ftp ports=21,4559 or nf_conntrack_ftp ports=4559 depending one what's installed and how they're configured. But I don't think any suse/init scripts automatically do anything like that. Basically there are a number of ways I can get the final result. I could just put a couple modprobe and iptables commands in boot.local for instance. But I can't see any CLEAN way to do it, and I don't know what to document in my package as the cleanest, shortest, least intrusive, least presumptive way to do it. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org