* John Andersen
I'm suddenly reminded why Shorewall is a much better firewall than Suse's firewall. I cant find anywhere in yast to enter a blacklist ip.
add to /etc/sysconfig/SuSEfirewall2:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
edit /etc/sysconfig/scripts/SuSEfirewall2-custom as below:
fw_custom_after_antispoofing() { # could also be named
"before_port_splitting()"
# these rules will be loaded after the anti-spoofing and icmp
# handling
# but before any IP protocol or TCP/UDP port allow/protection rules
# will be set.
# You can use this hook to allow/deny certain IP protocols or
# TCP/UDP
# ports before the SuSEfirewall2 generated rules are hit.
####pat added per Ulf Rasch