On 2015-05-10 19:36, Bob Williams wrote:
> This is where my old brain finds it difficult to understand the concepts. The firewalls I'm talking about are on each machine in the house connected to the NAT router, which in turn is connected to the Internet. So from your last remark, they are all protected by the router, and do not need to be running separate software firewalls themselves? The router (Draytek Vigor 2830Vn) claims to have a 'firewall' inside it, but I have never changed the default settings.
The distinction between external/internal interfaces came about on machines having two network cards: one connected to the outside, to the Internet, another to the inside, the LAN. What to do on machines with only one socket? It is connected to the internal network, yes, so it should be "internal". However, in that LAN there is one machine, a router, that connects to the outside. It is this machine that should run a good and reliable firewall to protect all the machines inside.

Is it that secure and reliable, the router? Really, I don't trust mine. I had one from my ISP, and it never got an update in years. Then I bought one of my own; it had an update, yes, but I verified that it still had a hole. So no, I don't trust home routers. Thus on all my Linux machines I tell them they are on "external" network.

About your question:

FW_TRUSTED_NETS="192.168.1.0/24,tcp,8001"

I think that's what you need.

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))
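
Added example, not part of the original message: a small Python check of which connections an FW_TRUSTED_NETS value like the one quoted above would admit on an interface treated as "external". It assumes space-separated entries of the form `network[,protocol[,port]]` with a single numeric port; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def parse_trusted_nets(value):
    """Parse an FW_TRUSTED_NETS string into (network, protocol, port) rules.

    Assumed entry format: network[,protocol[,port]], entries separated by
    whitespace. A missing protocol or port means "any".
    """
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        if len(parts) > 3:
            raise ValueError(f"unsupported entry: {entry!r}")
        net = ipaddress.ip_network(parts[0], strict=False)
        proto = parts[1].lower() if len(parts) > 1 else None
        port = int(parts[2]) if len(parts) > 2 else None  # single port only
        rules.append((net, proto, port))
    return rules


def is_admitted(rules, src, proto, port):
    """Return True if a connection from src to proto/port matches any rule."""
    addr = ipaddress.ip_address(src)
    for net, r_proto, r_port in rules:
        if addr not in net:
            continue
        if r_proto is not None and r_proto != proto.lower():
            continue
        if r_port is not None and r_port != port:
            continue
        return True
    return False


if __name__ == "__main__":
    narrow = parse_trusted_nets("192.168.1.0/24,tcp,8001")
    wide = parse_trusted_nets("192.168.1.0/24")  # whole LAN, any service
    # Constructed sample connections: (source, protocol, destination port)
    samples = [
        ("192.168.1.50", "tcp", 8001),  # LAN host, the opened port
        ("192.168.1.50", "tcp", 22),    # LAN host, other service
        ("192.168.1.50", "udp", 8001),  # LAN host, other protocol
        ("203.0.113.7", "tcp", 8001),   # host outside the LAN
    ]
    for src, proto, port in samples:
        print(src, proto, port,
              "narrow:", is_admitted(narrow, src, proto, port),
              "wide:", is_admitted(wide, src, proto, port))
```

The comparison with the bare `192.168.1.0/24` entry shows why scoping the entry to one protocol and port keeps the rest of the host closed to the LAN.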