Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] Help needed for configuring firewall with YAST
  • From: Franky GOETHALS <franky.goethals@xxxxxxxxxx>
  • Date: Sun, 06 Aug 2000 08:11:03 +0200
  • Message-id: <398D0177.C1D608DF@xxxxxxxxxx>
Stefan Suurmeijer wrote:
>
> On Sat, 5 Aug 2000, Franky GOETHALS wrote:
>
> > Hello all,
> >
> > Since i while i've remarked the following lines in my firewall-log :
> >
> > Jul 18 21:40:11 penguin dhcpcd[109]: sending DHCP_REQUEST for 213.224.69.28 to
> > 195.130.132.18
> > Jul 18 21:40:11 penguin kernel: Packet log: input DENY eth0 PROTO=17
> > 195.130.132.18:67 213.224.69.28:68 L=330 S=0x00 I=60193 F=0x4000 T=252 (#127)
> > Jul 18 21:40:11 penguin dhcpcd[109]: DHCP_ACK received from (195.130.132.18)
> >
> > Does anyone can help me ? I appears to be in the
Stefan,

The value of this variable is allready 'yes'.

Any other ideas ?

Tnx allready,

Franky.


> > 'critical' messages for the firewall.
> >
>
> What it's telling you is that host 195.130.132.18 is sending an udp
> (PROTO=17) package to host 213.224.69.28 with bootp information (port 67 &
> 68) and that package is being denied. If you use the standard Suse
> firewall configuration script (/etc/rc.config.d/firewall.rc.config) you
> should have:
>
> FW_SERVICE_DHCLIENT="no" # if you use dhclient to get an ip address
> # you have to set this to "yes" !
>
> set to yes, or manually add a rule for accepting bootp packages
>
> > I would like to allow these requests through my firewall, but i didn't
> > succeed. I'm trying to configure it with YAST & FW_- variables in the
> > configuration-file.
> >
> > Thanks in advance,
> >
> > Franky.
> >
> >
>
> good luck
>
> Stefan
>
> ==========================================
> Stefan Suurmeijer
> Network Specialist
> University of Groningen
> tel: (+31) 50 363 3423
> fax: (+31) 50 363 7272
> E-mail (business): s.m.suurmeijer@xxxxxxxxxx
> E-mail (private): stefan@xxxxxxxxxxxx
> ==========================================
>
> Quis custodiet ipsos custodes? (Who'll watch the watchmen?) - Unknown
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

--
===================================
GOETHALS Franky
Driegaaienstraat 104
B-9100 SINT-NIKLAAS
B E L G I E

Systeemingenieur Mainframe

Tel./Fax : 32 - (0)3 / 776.10.09
GSM : 32 - (0)478 / 21.40.94
franky.goethals@xxxxxxxxxx
===================================

< Previous Next >
Follow Ups
References