[opensuse] Firewall-zone question
![](https://seccdn.libravatar.org/avatar/7527ff019b7a5078cb8647683a49d303.jpg?s=120&d=mm&r=g)
Hi, I'm configuring new laptops for my daughters. They're almost ready (except for a dvd-problem, see a thread in this list), but I'm uncertain which firewall-zone I have to put the NIC's in. On my own laptops I put all NIC's in internal zone, but is this safe ? I think mostly it will be, except for hotspots and the like. And on my machine I don't have services running (I chould check though ;-) ), but I don't know what my "customers" will need in the future, and where they will be online. What's your opinion ? Regards, Koenraad Lelong AE electronics -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/6aa40149a7b6a786f9ae89f4027863dc.jpg?s=120&d=mm&r=g)
On Tuesday 02 April 2013 12:28:27 Koenraad Lelong wrote:
Hi,
I'm configuring new laptops for my daughters. They're almost ready (except for a dvd-problem, see a thread in this list), but I'm uncertain which firewall-zone I have to put the NIC's in. On my own laptops I put all NIC's in internal zone, but is this safe ? I think mostly it will be, except for hotspots and the like. And on my machine I don't have services running (I chould check though ;-) ), but I don't know what my "customers" will need in the future, and where they will be online.
What's your opinion ?
Regards,
Koenraad Lelong AE electronics
I think you should put your NIC in the External Zone if you are directly on the Internet. And in the Internal Zone if you have a hardware router/box/Freebox/Livebox : See : http://en.opensuse.org/SuSEfirewall2#Firewall_Zones Dsant, from France -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/ba86f283d614d2cd9b6116140eaddded.jpg?s=120&d=mm&r=g)
Koenraad Lelong wrote:
Hi,
I'm configuring new laptops for my daughters. They're almost ready (except for a dvd-problem, see a thread in this list), but I'm uncertain which firewall-zone I have to put the NIC's in. On my own laptops I put all NIC's in internal zone, but is this safe ? I think mostly it will be, except for hotspots and the like. And on my machine I don't have services running (I chould check though ;-) ), but I don't know what my "customers" will need in the future, and where they will be online.
What's your opinion ? If it connects to the Internet, it's external. So, if you're installing on a stand alone computer, then the NIC is configured as external. If you're building a firewall, the NIC connected to the Internet is external and the one connected to the local network is internal. Normally, it's traffic from the outside world that has to get past the firewall.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
![](https://seccdn.libravatar.org/avatar/ba86f283d614d2cd9b6116140eaddded.jpg?s=120&d=mm&r=g)
James Knott wrote:
What's your opinion ? If it connects to the Internet, it's external. So, if you're installing on a stand alone computer, then the NIC is configured as external. If you're building a firewall, the NIC connected to the Internet is external and the one connected to the local network is internal. Normally, it's traffic from the outside world that has to get past the firewall.
One other thing, with notebooks, they may be used part time on a safe local network, where you may choose to not use a firewall and part time elsewhere, where you should. What you can do is have the firewall start up by default and then have a script that checks to see if you're on your home network and then shuts down the firewall. The test can be as simple as pinging a local IP address, such as your router, and then checking the arp cache to see if the appropriate MAC address is there. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Dsant
-
James Knott
-
Koenraad Lelong