[opensuse] What's going on with firewall rules in 12.1?!?
Using 12.1.

I want to add two, simple, basic firewall rules to deal with an ISP proxy injecting javascript into every web page fetched.

I tried doing the usual and customary "service iptables save" after inserting the rules manually which returned the error "service iptables does not exist" or whatever.

Looking further, I find that rc.iptables has been removed and substituted with some bizarre sysconfig abstraction that apparently creates firewall rules from scratch from a legion of files every time the system starts. And apparently, the way this thing is set up, I cannot do a simple append to this conglomeration of sundry files to get the rules I require. Further, Yast is completely useless for this purpose.

As a bonus this nyoo thang, or whatever it is, is undocumented.

Why do we have to do things the hard way? What is the rationale behind making firewall setup more difficult?

And *WHERE* is the documentation?

--
jd

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On Tue, Oct 02, 2012 at 01:43:18PM -0700, j debert wrote:
> Using 12.1.
>
> I want to add two, simple, basic firewall rules to deal with an ISP proxy injecting javascript into every web page fetched.
>
> I tried doing the usual and customary "service iptables save" after inserting the rules manually which returned the error "service iptables does not exist" or whatever.
>
> Looking further, I find that rc.iptables has been removed and substituted with some bizarre sysconfig abstraction that apparently creates firewall rules from scratch from a legion of files every time the system starts. And apparently, the way this thing is set up, I cannot do a simple append to this conglomeration of sundry files to get the rules I require. Further, Yast is completely useless for this purpose.
>
> As a bonus this nyoo thang, or whatever it is, is undocumented.
>
> Why do we have to do things the hard way? What is the rationale behind making firewall setup more difficult?
>
> And *WHERE* is the documentation?

I see you probably met SuSEfirewall2, a tool we have had for over 10 years now (so it is not really new with 12.1). We never had an iptables init script.

The config file /etc/sysconfig/SuSEfirewall2 is mostly self-explaining. To hook in your own rules, change:

FW_CUSTOMRULES="... your script ..."

and use /etc/sysconfig/scripts/SuSEfirewall2-custom as an example.

Ciao, Marcus

On 10/03/2012 02:43 AM, Marcus Meissner wrote:
> I see you probably met SuSEfirewall2, a tool we have had for over 10 years now (so it is not really new with 12.1).

One heck of an introduction...

> We never had an iptables init script.

How did 10.3 get its iptables init script?

> The config file /etc/sysconfig/SuSEfirewall2 is mostly self-explaining. To hook in your own rules, change:
>
> FW_CUSTOMRULES="... your script ..."
>
> and use /etc/sysconfig/scripts/SuSEfirewall2-custom as an example.

Not self-explaining enough. It appears that a subset of iptables rules is supported. The information at hand does not cover my requirements. So it's back to doing things the hard way all over again.

jd