[opensuse] Can SuSEfirewall2 restrict requests originating on the host and routed using masquerade?
Previously, on Debian, I was using FireHOL to configure IPTables to set up an Internet and email gateway, routing only HTTP/HTTPS requests from internal IPs to the Internet for certain workstations using masquerade.

Recently I have moved to openSUSE because I favor it and believe that YaST makes system administration simple, even for those unfamiliar with Linux.

Unfortunately, a workstation that was configured to use it as a gateway was infected with a cutwail spambot and, since I had masquerading enabled, it immediately sent out spam (port 25), since there was no restriction on packets being routed to the Internet.

I thought I read in the openSUSE security manual that the firewall does NOT put restrictions on packets that originate on the host, but only on incoming packets. I would imagine this applies to packets that are routed using masquerade, since I cannot find anywhere to specify particular services.

Is there a way to specify what packets are routed using masquerade on SuSEfirewall2? If not, what other firewall/packet filtering software can I use instead of writing my own IPTables rules? Unfortunately there is no FireHOL in the repositories.

--
Anthony

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
Anthony Simonelli wrote:
> Previously, on Debian, I was using FireHOL to configure IPTables to set up an Internet and email gateway, routing only HTTP/HTTPS requests from internal IPs to the Internet for certain workstations using masquerade.
> Recently I have moved to openSUSE because I favor it and believe that YaST makes system administration simple, even for those unfamiliar with Linux.
> Unfortunately, a workstation that was configured to use it as a gateway was infected with a cutwail spambot and, since I had masquerading enabled, it immediately sent out spam (port 25), since there was no restriction on packets being routed to the Internet.
> I thought I read in the openSUSE security manual that the firewall does NOT put restrictions on packets that originate on the host, but only on incoming packets. I would imagine this applies to packets that are routed using masquerade, since I cannot find anywhere to specify particular services.
> Is there a way to specify what packets are routed using masquerade on SuSEfirewall2? If not, what other firewall/packet filtering software can I use instead of writing my own IPTables rules? Unfortunately there is no FireHOL in the repositories.
Try Shorewall <http://shorewall.net>. It's as easy as a line in the policy file:

    loc net REJECT info

And in the rules file you specify which host can send traffic out, e.g.

    SMTP(ACCEPT) loc:192.168.0.1 net

Shorewall is IPv6 ready, so a tunnel can be used safely too.

Theo
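For readers who want to see what Theo's policy/rule pair amounts to underneath, here is the same filtering expressed as plain iptables FORWARD rules for a masquerading gateway. This is an added example written for this page, not Shorewall's generated output and not code from either poster. It keeps Theo's host 192.168.0.1 as the only SMTP source and adds Anthony's HTTP/HTTPS-only requirement for the rest of the LAN; the interface names and the 192.168.0.0/24 range are assumed values. The script prints the commands rather than running them, so the rule set can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example: iptables rendering of "loc net REJECT" plus per-host ACCEPT rules
# for a masquerading gateway. Interfaces and the LAN range are assumed values;
# 192.168.0.1 is the host Theo's rule allows to send SMTP.
LAN_IF="${LAN_IF:-eth1}"                 # assumed: internal (loc) interface
WAN_IF="${WAN_IF:-eth0}"                 # assumed: Internet-facing (net) interface
LAN_NET="${LAN_NET:-192.168.0.0/24}"     # assumed: internal address range
MAIL_HOST="${MAIL_HOST:-192.168.0.1}"    # the only host allowed to speak SMTP

# Print the rules instead of applying them. On the gateway they can be applied
# with:  sh this_script.sh | sh
gen_forward_rules() {
    cat <<EOF
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_HOST -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j LOG --log-prefix "FWD-REJECT: "
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j REJECT
EOF
}

# Returns 0 when exactly one FORWARD rule accepts port 25 and that rule is
# bound to MAIL_HOST, i.e. no other LAN host can relay mail through the gateway.
smtp_is_restricted() {
    rules=$(gen_forward_rules)
    [ "$(printf '%s\n' "$rules" | grep -c -- '--dport 25')" -eq 1 ] || return 1
    printf '%s\n' "$rules" | grep -q -- "-s $MAIL_HOST -p tcp --dport 25 -j ACCEPT"
}

gen_forward_rules
```

The MASQUERADE rule only rewrites source addresses; the FORWARD chain decides what gets forwarded at all. That separation is the point of Anthony's question: masquerading without a restrictive FORWARD policy lets any infected workstation reach port 25 on the Internet. The final REJECT (after a LOG) mirrors Shorewall's `REJECT info` policy, and the conntrack rule lets reply traffic for the permitted sessions back through.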
participants (2): Anthony Simonelli, Theo van Werkhoven