Hi,
From: Doug Currey [mailto:doug@curreycentral.com]
I am trying to set up the firewall in Suse 9
I am used to using iptables in the form of
$IPTABLES -A INPUT -p tcp -s x.x.x.0/24 --destination-port ssh -j ACCEPT
$IPTABLES -A INPUT -p tcp -s y.y.y.0/24 --destination-port ssh -j ACCEPT
$IPTABLES -A INPUT -p tcp --destination-port ssh -j REJECT
allowing only networks x.x.x.x and y.y.y.y to have ssh access and block all others.
You can use SuSEfirewall2, which is shipped with SuSE. /etc/sysconfig/SuSEfirewall2 contains the configuration:
....
FW_TRUSTED_NETS="x.x.x.x/24,tcp,22 y.y.y.y/24,tcp,22"
should do the trick :-)
....
This worked pretty good under Redhat but can't figure how to do it under Suse
Try logging your rules (with -l) and have a look at it. Are there any other rules before those? Please send the whole script + the output from the logfile (you can x-out the ip-addresses, no problem there ;-)
Thanks
cheers, Stefan
Thanks I think this is going to work.
Only problem is that the line FW_TRUSTED_NETS is going to be somewhat long making it hard to edit.
Doug
On Tue, 16 Dec 2003 15:25:29 +0100, Peer Stefan wrote
On Tuesday 16 December 2003 03:58 pm, Doug wrote:
Thanks I think this is going to work.
Only problem is that the line FW_TRUSTED_NETS is going to be somewhat long making it hard to edit.
I put each entry on its own line:
FW_TRUSTED_NETS="\
x.x.x.x/24,tcp,22 \
y.y.y.y/24,tcp,22 \
"
--
James Oakley
Engineering - SolutionInc Ltd.
joakley@solutioninc.com
http://www.solutioninc.com
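The space-separated network,protocol,port entries discussed in this thread, as an added example that is not part of any message above and is not SuSEfirewall2's own code: a small shell lint that checks each entry of a multi-line FW_TRUSTED_NETS value and prints the hand-written iptables rule it stands for. The 192.0.2.0/24 and 198.51.100.0/24 networks are constructed placeholders, the function names are hypothetical, and the printed rules follow the form from the first message, not the chains SuSEfirewall2 itself builds.

```shell
#!/bin/sh
# Added example, not SuSEfirewall2 code: lint FW_TRUSTED_NETS entries and print
# the hand-written iptables rule each one stands for.
set -f   # no pathname expansion while splitting the value

# Constructed sample: documentation ranges stand in for x.x.x.x and y.y.y.y.
FW_TRUSTED_NETS="\
192.0.2.0/24,tcp,22 \
198.51.100.0/24,tcp,22 \
"

# check_entry ENTRY: succeed only for the net,proto,port form used in the thread.
# On success the fields are left in $net, $proto and $port.
check_entry() {
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    net=$1; proto=$2; port=$3
    case $net in ''|*[!0-9./]*) return 1 ;; esac
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# trusted_nets_to_rules VALUE: print one ACCEPT rule per entry, or fail on the
# first malformed entry so a typo in a long list is caught before a reload.
trusted_nets_to_rules() {
    for entry in $1; do
        if ! check_entry "$entry"; then
            echo "bad FW_TRUSTED_NETS entry: $entry" >&2
            return 1
        fi
        echo "iptables -A INPUT -p $proto -s $net --destination-port $port -j ACCEPT"
    done
}

trusted_nets_to_rules "$FW_TRUSTED_NETS"
```

Because the backslash-newline pairs inside the double quotes are line continuations, the multi-line value is the same single space-separated string as the one-line form.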