Mailinglist Archive: opensuse-factory (437 mails)
Re: [opensuse-factory] Switching SuSEFirewall for iptables
- From: Per Jessen <per@xxxxxxxxxxxx>
- Date: Tue, 28 Apr 2015 19:45:18 +0200
- Message-id: <mhoi5e$mdi$1@saturn.local.net>
Uzair Shamim wrote:
> On 04/28/2015 10:34 AM, Uzair Shamim wrote:
>> On 04/28/2015 04:59 AM, Marcus Meissner wrote:
>>> On Tue, Apr 28, 2015 at 10:43:07AM +0200, Per Jessen wrote:
>>>> Uzair Shamim wrote:
>>>>> I am trying to set up a machine with some docker containers
>>>>> but the default suse firewall is interfering. Normally I
>>>>> would just add the required rules to iptables for NAT and
>>>>> forwarding but it seems suse firewall does not recognize the
>>>>> interface connected to docker so I cannot add rules to allow
>>>>> traffic to/from it. Is there a way to disable the
>>>>> SuSEFirewall and just use plain old iptables?
>>>>
>>>> Yep, that's exactly what you do - disable (or even uninstall)
>>>> the openSUSE firewall, then add your own iptables script.
>>>
>>> What interface is detected? SuSEfirewall would probably put it
>>> in the external zone by default.
>>>
>>> Ciao, Marcus
>>
>> @Per Jessen So it's fine if I just disable the SuSEFirewall and
>> then build iptables as desired? Obviously I will have to add all
>> the rules I need but this won't cause any known issues? Sounds like
>> a plan.
>
> Just tried this. There is no iptables service, how can I control
> (start/stop) iptables?

Apologies, I assumed you were familiar with how to build a firewall
using iptables. It is typically just a script filled with iptables
commands which construct the firewall setup.

Such a script is easily called with a systemd service unit:

[Unit]
Description=firewall
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/firewall
ExecStop=/usr/sbin/firewall stop
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

If you don't have a firewall script/setup already built and ready to
use, you're probably better off with using the openSUSE firewall.

--
Per Jessen, Zürich (9.6°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.
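
One way the /usr/sbin/firewall script called by the unit above could look, covering the Docker NAT and forwarding case from the quoted question; this is an added example, not a script from the thread. It loads the rules through iptables-restore instead of individual iptables commands so the set is applied in one step, and the interface names, the Docker subnet, the SSH port and the name check before applying are all assumptions.

```shell
#!/bin/sh
# Added example; assumed values (not from the thread): uplink eth0, Docker
# bridge docker0 on 172.17.0.0/16, SSH on tcp/22 as the only inbound service.
WAN_IF=${WAN_IF:-eth0}
DOCKER_IF=${DOCKER_IF:-docker0}
DOCKER_NET=${DOCKER_NET:-172.17.0.0/16}

# Print the IPv4 ruleset for "start" or "stop" in iptables-restore format.
ruleset() {
    case "$1" in
    start)
        cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DOCKER_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $DOCKER_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $DOCKER_NET ! -o $DOCKER_IF -j MASQUERADE
COMMIT
EOF
        ;;
    stop)  # empty tables with ACCEPT policies: the host is unfiltered after stop
        cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
        ;;
    *) echo "usage: firewall [start|stop]" >&2; return 2 ;;
    esac
}

# Apply only when run under the name the unit calls (no argument means start).
if [ "${0##*/}" = firewall ]; then
    rules=$(ruleset "${1:-start}") || exit 2
    printf '%s\n' "$rules" | iptables-restore
fi
```

Because iptables-restore replaces the whole filter and nat tables, this assumes Docker's own rule management is turned off (dockerd --iptables=false). The rules are IPv4 only; IPv6 needs a matching ip6tables-restore set.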