Mailinglist Archive: opensuse-bugs (4751 mails)

[Bug 991463] firewall can't (easily) open port for (incoming) broadcasts
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 05 Jul 2017 13:50:56 +0000
  • Message-id: <bug-991463-21960-KCWU5LozdV@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=991463
http://bugzilla.suse.com/show_bug.cgi?id=991463#c6

Matthias Gerstner <matthias.gerstner@xxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(matthias.gerstner |
                   |@suse.com)                  |

--- Comment #6 from Matthias Gerstner <matthias.gerstner@xxxxxxxx> ---
(In reply to Markus Greger from comment #0)
> Configuring a firewall port <port-number> via
>
> yast -> firewall -> Allowed Services -> Advanced
> yast -> firewall -> Broadcast -> Add
>
> will not allow incoming broadcasts on <port-number>.

The "Allowed Services -> Advanced" will only open up ports for unicast, so this
setting is not concerning broadcasting.

I think the problem here is the "firewall -> Broadcast -> Add" setting, which
is titled "Accepting the Broadcast Reply" in yast. It might be a bit confusing
what this actually does. It actually only allows "related" traffic for that
port to be accepted. So when you send out a broadcast from your machine, the
replies to that broadcast will be accepted (at least that is what I think it is
for, without having tested it).

To allow any kind of broadcast to be accepted for a port you need to configure
it in "firewall -> Broadcast -> Broadcast Configuration ->
(Internal/DMZ/External Zone)".

Of course you also need to use the correct zone for all these settings. If you
didn't assign any zones then all your interfaces will end up in the external
zone for everything.

Would it be possible for you to test my suggestion so we can progress with this
bug?

Thank you.

--
You are receiving this mail because:
You are on the CC list for the bug.
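
The unicast/broadcast distinction drawn in the comment above, as an added example that is not part of the original mail or of the project's own code: a shell check that reports, per zone, whether a UDP port is open for unicast and whether broadcasts to it are accepted. It assumes the firewall behind the YaST module is SuSEfirewall2 and that YaST stores these settings in the `FW_SERVICES_<ZONE>_UDP` and `FW_ALLOW_FW_BROADCAST_<ZONE>` variables of `/etc/sysconfig/SuSEfirewall2`; the function names and sample values are constructed.

```shell
# Constructed sample of SuSEfirewall2 sysconfig settings (not from the bug report).
sample_conf() {
cat <<'EOF'
FW_SERVICES_EXT_UDP="5353"
FW_ALLOW_FW_BROADCAST_EXT="no"
FW_SERVICES_INT_UDP=""
FW_ALLOW_FW_BROADCAST_INT="5353 6000:6010"
FW_ALLOW_FW_BROADCAST_DMZ="yes"
EOF
}

# get_var NAME: print the value of NAME="..." read from stdin (last one wins).
# The file is parsed, not sourced, so nothing in it gets executed.
get_var() {
    sed -n "s/^$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" | tail -n 1
}

# in_list PORT ENTRY...: succeed if PORT equals an entry or lies in a lo:hi range.
in_list() {
    port=$1; shift
    for entry in "$@"; do
        case "$entry" in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# port_status ZONE PORT: read the config on stdin and print both verdicts.
# Assumption: FW_ALLOW_FW_BROADCAST_<ZONE> is "yes", "no" or a list of UDP ports.
port_status() {
    zone=$1; port=$2
    conf=$(cat)
    uni=$(printf '%s\n' "$conf" | get_var "FW_SERVICES_${zone}_UDP")
    bc=$(printf '%s\n' "$conf" | get_var "FW_ALLOW_FW_BROADCAST_${zone}")
    u=closed; b=dropped
    if in_list "$port" $uni; then u=open; fi
    if [ "$bc" = yes ] || in_list "$port" $bc; then b=accepted; fi
    echo "unicast=$u broadcast=$b"
}

for z in EXT INT DMZ; do
    printf '%s udp/5353: %s\n' "$z" "$(sample_conf | port_status "$z" 5353)"
done
```

On a real system, feed it the live file instead of the sample, for example `port_status EXT 5353 < /etc/sysconfig/SuSEfirewall2`, and check the zone the interface is actually assigned to.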