Mailinglist Archive: opensuse-factory (437 mails)

< Previous Next >
Re: [opensuse-factory] Switching SuSEFirewall for iptables
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Tue, 28 Apr 2015 19:45:18 +0200
  • Message-id: <mhoi5e$mdi$>
Uzair Shamim wrote:

On 04/28/2015 10:34 AM, Uzair Shamim wrote:
On 04/28/2015 04:59 AM, Marcus Meissner wrote:
On Tue, Apr 28, 2015 at 10:43:07AM +0200, Per Jessen wrote:
Uzair Shamim wrote:

I am trying to setup a machine with some docker containers
but the default suse firewall is interfering. Normally I
would just add the required rules to iptables for NAT and
forwarding but it seems suse firewall does not recognize the
interface connected to docker so I cannot add rules to allow
traffic to/from it. Is there a way to disable the
SuSEFirewall and just use plain old iptables?

Yep, that's exactly what you do - disable (or even uninstall)
the openSUSE firewall, then add your own iptables script.

What interface is detected? SuSEfirewall would probably put it
in the external zone by default.

Ciao, Marcus

@Per Jessen So its fine if I just disable the SuSEFirewall and
then build iptables as desired? Obviously I will have to add all
the rules I need but this wont cause any known issues? Sounds like
a plan.

Just tried this. There is no iptables service, how can I control
(start/stop) iptables?

Apologies, I assumed you were familiar with how to build a firewall
using iptables. It is typically just a script filled with iptables
commands which construct the firewall setup.
Such a script is easily called with a systemd service unit:


ExecStop=/usr/sbin/firewall stop


If you don't have a firewall script/setup already built and ready to
use, you'e probably better of with using the openSUSE firewall.

Per Jessen, Zürich (9.6°C) - free dynamic DNS, made in Switzerland.

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups