http://bugzilla.novell.com/show_bug.cgi?id=551282

http://bugzilla.novell.com/show_bug.cgi?id=551282#c26

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |REOPENED
      Info Provider|lnussel@novell.com          |

--- Comment #26 from Ludwig Nussel <lnussel@novell.com> 2009-12-11 11:16:01 CET ---

The int zone is meant to be trusted. If you disable the option to protect it the int zone would be just the same as ext.

saned just used a braindead protocol that doesn't work properly with firewalling. There is no special conntrack module as for ftp (which has security issues too).

I don't think the yast2 scanner module needs to offer more complex firewall settings. The existing ones are sufficient.

If your interface is connected to different networks at the same time, you desperately want the ext zone but still want to trust some IP addresses you can specifically configure that (FW_TRUSTED_NETS, FW_SERVICES_ACCEPT_EXT).

If you're carrying around a laptop that connects to different networks which you trust differently you may want to try fwzs (http://lizards.opensuse.org/2009/08/28/firewall-zone-switcher-updated/).