[yast-devel] Editing Configuration of SuSEfirewall2 Services Defined by Package (FATE #300687)
Hi,

About:
------
YaST Firewall has been able to work with services defined by packages for several weeks; nevertheless, it had just read-only access. Some of you (for instance, ftp-server or http-server maintainers) allow users to configure the ports on which the services listen or operate, but enabling or disabling these services (ports) in the firewall was quite limited.

New Feature:
------------
Now, there is new functionality in the 'SuSEFirewallServices' module:

* GetNeededPortsAndProtocols returns a map of the current definition of the service
* SetNeededPortsAndProtocols immediately changes the definition in the configuration file

You can find this new functionality in yast2-2.15.28 or SVN.

Example of Usage:
-----------------
- Services defined by package are stored in the /etc/sysconfig/SuSEfirewall2.d/services/ directory; copy the attached 'abc' file there
- Save the services-dbp.ycp script somewhere and run it with `/sbin/yast2 /path/to/services-dbp.ycp`
- See /var/log/YaST2/y2log

Bye
Lukas

--
Lukas Ocilka, YaST Developer (xn--luk-gla45d)
-----------------------------------------------------------------
SUSE LINUX, s. r. o., Lihovarska 1060/12, Praha 9, Czech Republic

{
    import "SuSEFirewallServices";

    // The service defined by the attached 'abc' file
    string service = "service:abc";

    // Read the current definition of the service
    map <string, list <string> > ports_used = SuSEFirewallServices::GetNeededPortsAndProtocols (service);

    y2milestone ("----------------------------------------------");
    y2milestone ("GetNeededPortsAndProtocols: %1", ports_used);
    y2milestone ("----------------------------------------------");

    // Rotate the values between the keys so that the change is visible
    list <string> tmp = ports_used["tcp_ports"]:[];
    ports_used["tcp_ports"] = ports_used["udp_ports"]:[];
    ports_used["udp_ports"] = ports_used["rpc_ports"]:[];
    ports_used["rpc_ports"] = ports_used["ip_protocols"]:[];
    ports_used["ip_protocols"] = ports_used["broadcast_ports"]:[];
    ports_used["broadcast_ports"] = tmp;

    // Write the changed definition to the configuration file
    y2milestone (
        "SetNeededPortsAndProtocols: %1",
        SuSEFirewallServices::SetNeededPortsAndProtocols (
            service,
            ports_used
        )
    );

    // Read the definition again to check the result
    ports_used = SuSEFirewallServices::GetNeededPortsAndProtocols (service);

    y2milestone ("----------------------------------------------");
    y2milestone ("GetNeededPortsAndProtocols: %1", ports_used);
    y2milestone ("----------------------------------------------");
}

# Do not edit this file as it's just a template and will be
# overwritten on package updates! Copy to a new file instead.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
#
# For a more detailed description of the individual variables see
# the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2
#

## Name: abc service (probably)
## Description: opens ports for xx in order to allow dd

# space separated list of allowed TCP ports
TCP="was tcp"

# space separated list of allowed UDP ports
UDP="was udp"

# space separated list of allowed RPC services
RPC="was rpc"

# space separated list of allowed IP protocols
IP="was ip"

# space separated list of allowed UDP broadcast ports
BROADCAST="was broadcast"
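
For reviewing which ports a package-supplied definition asks the firewall to open, the file format shown in the attached 'abc' file can be read without sourcing it. The following is an added example, not part of the original message or of YaST; the function name, the mapping of the file variables to the map keys used in the script, and the sample content are assumptions made for illustration.

```python
import re
import shlex

# Assumption: file variables map to the keys used in the YCP script above.
VAR_TO_KEY = {"TCP": "tcp_ports", "UDP": "udp_ports", "RPC": "rpc_ports",
              "IP": "ip_protocols", "BROADCAST": "broadcast_ports"}
ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# Characters that make a shell expand or run something if the file is sourced.
SHELL_ACTIVE = re.compile(r"[$`;&|<>()\\]")

# Constructed sample: a valid definition plus two lines an audit should flag.
SAMPLE = '''\
## Name: abc service (probably)
TCP="80 443"
UDP=""
RPC="portmap"
BROADCAST="631"
FW_ROUTE="yes"
IP="esp $(id)"
'''

def parse_service_definition(text):
    """Return (ports, findings) for one definition file, without executing it."""
    ports = {key: [] for key in VAR_TO_KEY.values()}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if not match or match.group(1) not in VAR_TO_KEY:
            findings.append(f"line {lineno}: only TCP, UDP, RPC, IP and BROADCAST are allowed")
            continue
        name, value = match.groups()
        if SHELL_ACTIVE.search(value):
            findings.append(f"line {lineno}: shell metacharacter in {name}")
            continue
        try:
            words = shlex.split(value, comments=True)
        except ValueError:
            findings.append(f"line {lineno}: unbalanced quotes in {name}")
            continue
        # A quoted value is one shell word; split it into the listed items.
        ports[VAR_TO_KEY[name]] = " ".join(words).split()
    return ports, findings

if __name__ == "__main__":
    print(parse_service_definition(SAMPLE))
```

Lines that produce a finding are left out of the returned map, so a definition with findings should be reviewed by hand before it is enabled in the firewall.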