On 12/7/2013 10:05 AM, jdebert wrote:
I'm dropping SuSEfirewall2 in favour of my own firewall scripts, which provide a much stricter policy with better control of the finer details and does not drop packets from established connections.
Adding shorewall & fail2ban should cover pretty much everything. As far as I can tell.
-- jd
I just use Shorewall. The documentation is excellent, comes with most scripts you will ever need, but it is so easy to add your own. I found the suse firewall pretty obtuse an unwieldy for anything but the basics like allowing samba etc. Unless you are routing, there is very little need for a firewall at all, other than the recent depressing tendency for some linux services to listen on all interfaces by default. Looking at netstat -anp these days can give nightmares. Lazy programming has pretty much forced us all to run firewalls these days. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org