houghi wrote:
On Thu, Jul 20, 2006 at 02:13:19PM +0200, jdd wrote:
If you want to control _outbound_ access look into using squid, that is what it was designed for. The firewall is designed mainly for _inbound_ access control.
and here, inbound means the inside of the server itself (hence the http for external _and_ internal branches of the network)
Inbound normally means from outside of something into something. "Incoming" is perhaps a better or easier word.
So it goes from outside of the server, into the server. Whether this is WAN or LAN is irrelevant. It is perfectly possible to have inbound traffic from WAN to LAN, because you need to look from the point of view of the server.
If it is traffic generated by the server, then it is outbound. If it is traffic for the server, then it is inbound. If the server IS the firewall, then a connection from WAN to LAN will be both inbound and outbound. Client asks the server for access on port 80 -> Inbound. Server passes it on to the correct place -> Outbound.
You are correct, in essence, but we must try to stay as near as possible to the SUSE words. I already noted that the documentation of SuSEfirewall2 is extremely ambiguous in this respect. There, in and out are defined by the interface number (why not), but the server itself is never defined, so it's very difficult to really understand the thing. This is very important nowadays, where VPNs make it difficult to identify what machine is in and what is out :-()

Maybe I will work on this, but given my actual agenda, it's not in the near future :-(

jdd
--
http://www.dodin.net
http://dodin.org/galerie_photo_web/expo/index.html
http://lucien.dodin.net
http://fr.susewiki.org/index.php?title=Gérer_ses_photos