On 10/28/2012 08:36 PM, Marc Chamberlin wrote:
Thanks Togan , nice way to strip out comments! I have posted the SuSEfirewall2 configuration to
and left the default expiration at 1 week. Hopefully someone can find something interesting that I have overlooked!
Ok first tighten up your config a bit and remove "any" from the DEV_EXT so it looks like FW_DEV_EXT="eth0" When you have FW_PROTECT_FROM_INT="no" then you do not need to specify FW_SERVICES_INT_TCP and FW_SERVICES_INT_UDP so you may want to remove them. Best way during testing is comment them and and empty versions of them with an empty line after the variable ie. FW_SERVICES_INT_TCP="" FW_SERVICES_INT_UDP="" For testing purposes also make the following changes FW_LOG_DROP_ALL="yes" FW_LOG_ACCEPT_ALL="yes" These will cause lots of logging so once you are done with the testing revert them back to their default no So for testing once the above is corrected with root privileges /sbin/SuSEfirewall2 start Begin trying to use your application and send the relevant part of the logs, ie if the service is unreachable then find the log entries which are dropped and send them or use susepaste.org which in that case send the paste id Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org