On Wednesday 27 September 2006 8:27 pm, I wrote:
It's a network, and 192.168.0.0/24 as the value of FW_TRUSTED_NETS did the trick. That's better than the explicit tcp/udp specification since it effectively puts that subnet into the internal zone for all services -- just what I want.
It would be very nice if Yast included the ability to set FW_TRUSTED_NETS in its firewall settings, especially since the existence of additional firewall settings in /etc/sysconfig is not obvious if you don't already know about it. The setting I'm using now seems to be exactly right for the very common configuration I described: several machines on a net, each with a single network card, and a router on that same net that connects to the rest of the world via a cable or DSL modem.

And speaking of Yast: I have two machines running 10.0. On one of them, the /etc/sysconfig categories include Network/Firewall/personal-firewall, with FW_TRUSTED_NETS nowhere to be seen. I can still get at it via a search, though. On the other one those categories include Network/Firewall/SuSEfirewall2 and FW_TRUSTED_NETS is listed underneath it. Very odd, especially since the firewall seems to behave the same in both instances. Perhaps it has something to do with one installation being an upgrade and the other a new installation.

Paul
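
An added example, not part of the original message: a small audit of an FW_TRUSTED_NETS value that separates whole-subnet trust (the setting described above) from entries limited to one protocol and port. It assumes the space-separated `net[,protocol[,port]]` entry format and IPv4 entries; only the first sample entry comes from the post, the rest are constructed for contrast.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in /etc/sysconfig/SuSEfirewall2 syntax; only the first
# entry is the value from the post, the others are made up for contrast.
SAMPLE = '''
FW_TRUSTED_NETS="192.168.0.0/24 192.168.0.7,tcp,22 0.0.0.0/0,udp,123"
'''

def read_trusted_nets(text):
    """Return the entries of FW_TRUSTED_NETS from sysconfig-style text."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("FW_TRUSTED_NETS="):
            words = shlex.split(line.split("=", 1)[1])  # strips shell quotes
            return words[0].split() if words else []
    return []

def audit(entries):
    """Classify each entry as (network, scope, warnings)."""
    report = []
    for entry in entries:
        fields = entry.split(",")
        net = ipaddress.ip_network(fields[0], strict=False)
        warnings = []
        if len(fields) == 1:
            # No protocol given: the source is trusted for every service.
            scope = "all services"
            warnings.append(f"{net.num_addresses} addresses can reach every service")
        else:
            scope = "/".join(fields[1:])  # e.g. tcp/22
        if not any(net.subnet_of(r) for r in RFC1918):
            warnings.append("not an RFC 1918 private range")
        report.append((str(net), scope, warnings))
    return report

if __name__ == "__main__":
    for net, scope, warnings in audit(read_trusted_nets(SAMPLE)):
        print(f"{net:18} {scope:14} {'; '.join(warnings) or 'ok'}")
```
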