On Fri, 04 Feb 2000, you wrote:
Hi,
I would like to set up a firewall using the firewall 1.4-6 package on a 2.2.14 kernel. My problem is that I want to use nameserver services from the (insecure) internet and time server services. For the time servers, I have to have an open UDP port 1026 for incoming UDP connections. If I set FW_UDP_ALLOW_INCOMING_HIGHPPORTS = "dns 1026" I get error messages, which are caused by a special handling of the string 'dns' in the script. Up to now, the only solution I have found is to set that variable to 'yes', but that opens all my high UDP ports, and I would really prefer to have only those ports open which I really need. Is there a better solution available?
you really don't gain much security if you restrict access to the udp highports to a special source port. however, if you want to do this: "53 1026" will help - however, 1026 is allocated dynamically. so when it uses another port when it's started, you are toasted. my tip: "yes" is okay
Okay, I'm still a little bit new in these matters and wanted to gain as much as possible :-)
btw., it would have been nice if the article in SuSE's support database had mentioned that the firewall script has to be restarted each time a new dial-up connection is made :-))
that's mentioned in rc.firewall I think - I don't know about 1.4, but 2.0-pre does for sure :-)
I know, I should have done RTFM before going to the cookbook's recipe :-)) Thanks for your help! Jürgen
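As an added illustration of the trade-off discussed in this thread (not SuSE's rc.firewall, and not from either poster), here is a simplified shell function that turns a value like the one given to FW_UDP_ALLOW_INCOMING_HIGHPORTS into ipchains rules. It assumes the listed numbers are the remote UDP source ports allowed to reach local ports above 1023, and it prints the ipchains commands instead of running them so it can be read on any system.

```shell
# Simplified rule generator (assumption: not the real SuSE firewall script).
# Commands are echoed, not executed; drop "echo" to apply them on a 2.2 kernel.
IPCHAINS="echo ipchains"

udp_highport_rules() {
    value="$1"   # "yes", "no", or a list of remote source ports, e.g. "53 1026"
    case "$value" in
        yes)
            # Widest setting: any source may reach any local high UDP port.
            $IPCHAINS -A input -p udp -s 0/0 -d 0/0 1024:65535 -j ACCEPT
            ;;
        no|"")
            return 0
            ;;
        *)
            # Narrow setting: only packets from the listed remote source ports
            # reach local high ports.  Two caveats from the thread: the source
            # port is chosen by the sender, so this is a weak filter, and a
            # dynamically allocated port such as 1026 may differ after the next
            # restart, after which these rules silently stop matching.
            for port in $value; do
                case "$port" in
                    *[!0-9]*) echo "invalid port: $port (numeric ports only)" >&2; return 1 ;;
                esac
                $IPCHAINS -A input -p udp -s 0/0 "$port" -d 0/0 1024:65535 -j ACCEPT
            done
            ;;
    esac
}
```

Running `udp_highport_rules "dns 1026"` fails on the non-numeric entry, which mirrors why the original setting produced errors; `udp_highport_rules "53 1026"` produces one rule per port.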