Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
new SuSEfirewall version (beta)
  • From: marc@xxxxxxx (Marc Heuse)
  • Date: Wed, 19 Jul 2000 09:17:32 +0200 (CEST)
  • Message-id: <20000719071732.2A945D3A@xxxxxxxxxxxxxx>
Hi folks,

SuSEfirwall v2.6 with no known bugs will be on the SuSE Linux 7.0 - great!

I'm already developing the tool further and implemented the following
features into the 3.0 beta which is available from www.suse.de/~marc shortly:

v3.0:
* Added FW_FORWARD_IP and FW_SERVICES_*_IP to support VPN and
Routing Prptocols (e.g. OSPf, or GRE for PPTP)
* Filter Config filename is now printed to syslog
* Enhanced the masquerading timeouts to a more clever value
* Added lockfile support (idea by franz@xxxxxxxxx) to prevent filter
rule corruption if several SuSEfirewall instances are running

especially the *_IP options are important to be able to use IPSEC and other
VPN protocols like CIPE and PPTP. This was heavily requested :)

Please note that I see no way to implement the following feature: several
people requested an option to allow free communication between interfaces of
the same class (e.g. between two internal networks) but this is not possible
without much work by the user, because there is no way to configure with
with ipchains. You'd have to know all networks reachable behind that
adapter, something which is not possible to do automatically. so my
configure work so in my opinion the FW_FORWARD_* (especially the new _IP)
are the easiest solution. Comments/Ideas welcome!

Greets,
Marc
--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@xxxxxxx Function: Security Support & Auditing
PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
Private: http://www.suse.de/~marc SuSE: http://www.suse.de/security

< Previous Next >
This Thread
  • No further messages