Hello all,

What is the advised way of activating the ruleset made by fwbuilder on boot-up? Red Hat & Mandrake have an init.d script called iptables which could pick this ruleset file up and configure iptables.

I know there's firewall2 on SuSE, but could it be used for this task? I think not. Do I have to emulate what the other distributions do myself, or is there a SuSE way around this? I'm new to SuSE, coming from the other distros, so I thought I might ask the in-crowd.

Thanks,
Guy.

On 09/20/2003 05:17 PM, Guy Zelck wrote:
> What is the advised way of activating the ruleset made by fwbuilder on boot-up? Red Hat & Mandrake have an init.d script called iptables which could pick this ruleset file up and configure iptables.
> I know there's firewall2 on SuSE, but could it be used for this task? I think not.

My advice would be to edit the /etc/sysconfig/SuSEfirewall2 config file, and use firewall2. It is a very good iptables script, and the config file is very well commented. This is the easiest, and it is well tested. You could use Yast, which has greatly improved as far as this is concerned, but I prefer to read all the comments while using an editor, which helps to get a feel for how things interact. If you already have some iptables experience, and need to customize it further, you can add your own rules in a separate file, referenced at the end.

HTH.

--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Web Address: http://www.mydestiny.net/~joe_morris
Registered Linux user 231871
God said, I AM that I AM. I say, by the grace of God, I am what I am.

Joe Morris (NTM) wrote:
> On 09/20/2003 05:17 PM, Guy Zelck wrote:
>> What is the advised way of activating the ruleset made by fwbuilder on boot-up? Red Hat & Mandrake have an init.d script called iptables which could pick this ruleset file up and configure iptables.
>> I know there's firewall2 on SuSE, but could it be used for this task? I think not.
> My advice would be to edit the /etc/sysconfig/SuSEfirewall2 config file, and use firewall2. It is a very good iptables script, and the config file is very well commented. This is the easiest, and it is well tested.

Easier is using the GUI fwbuilder provides. Well-known products like Checkpoint's FW1 have a GUI too.

> You could use Yast, which has greatly improved as far as this is concerned, but I prefer to read all the comments while using an editor, which helps to get a feel for how things interact. If you already have some iptables experience, and need to customize it further, you can add your own rules in a separate file, referenced at the end. HTH.

I had a look at the SuSEfirewall2 config file and you can call a script at the end, but that file needs to use pre-defined function blocks. The trouble with manual editing is the learning curve and the fact that typos can break the setup. From what I've seen I can only conclude that I'll have to port the iptables script to SuSE and use that.

Thanks,
Guy.
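
Added example, not part of the original thread or any poster's code: a minimal init script of the kind described above, which runs the fwbuilder-compiled script at boot only after checking that it is a regular file, owned by root, and not writable by group or others. The path /etc/firewall/firewall.fw, the service name fwbuilder-rules and the FW_OWNER_UID override are assumptions for illustration.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:       fwbuilder-rules
# Required-Start: $network
# Required-Stop:  $network
# Default-Start:  3 5
# Default-Stop:   0 1 2 6
# Description:    Run the firewall script compiled by fwbuilder at boot
### END INIT INFO
# Assumed names: adjust the path to wherever fwbuilder installs its script.
FW_SCRIPT="${FW_SCRIPT:-/etc/firewall/firewall.fw}"
FW_OWNER_UID="${FW_OWNER_UID:-0}"   # uid that must own the script (root)

# The script runs as root on every boot, so refuse anything another user
# could have altered: not a regular file, a symlink, wrong owner, or
# writable by group or others.
ruleset_is_safe() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    owner=$(stat -c '%u' "$f") || return 1
    mode=$(stat -c '%a' "$f") || return 1
    [ "$owner" = "$FW_OWNER_UID" ] || return 1
    case "$mode" in
        *[2367]?|*[2367]) return 1 ;;   # write bit set for group or others
    esac
}

fw_start() {
    if ! ruleset_is_safe "$FW_SCRIPT"; then
        echo "refusing to run $FW_SCRIPT: bad owner or permissions" >&2
        return 1
    fi
    /bin/sh "$FW_SCRIPT"
}

fw_stop() {
    # Opens the default policies and flushes the filter table (host unfiltered).
    for chain in INPUT FORWARD OUTPUT; do iptables -P "$chain" ACCEPT; done
    iptables -F && iptables -X
}

main() {
    case "$1" in
        start) fw_start ;;
        stop)  fw_stop ;;
        *)     echo "Usage: $0 {start|stop}" >&2; return 2 ;;
    esac
}
if [ $# -gt 0 ]; then main "$@"; fi
```

On SuSE such a script would be installed under /etc/init.d and enabled with insserv, which reads the INIT INFO header.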

On Tuesday 23 September 2003 23:31, Guy Zelck wrote:
> Joe Morris (NTM) wrote:
>> On 09/20/2003 05:17 PM, Guy Zelck wrote:
>>> What is the advised way of activating the ruleset made by fwbuilder on boot-up? Red Hat & Mandrake have an init.d script called iptables which could pick this ruleset file up and configure iptables.

<snip>

Take a look at shorewall (www.shorewall.net), it may be helpful.

Ian

--
A child of five would understand this. Send someone to fetch a child of five.
Groucho Marx

participants (3)
- Guy Zelck
- Ian David Laws
- Joe Morris (NTM)