Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] SuSE Linux Firewall
  • From: dproc <dproc@xxxxxxx>
  • Date: Thu, 8 Feb 2001 22:23:31 -0500
  • Message-id: <20010208222331.A7841@xxxxxxxxxxxxxxx>
On Thu, 08 Feb 2001, Mary Sweat wrote:

> I am a newbie to the Linux world and have been given the task of setting up
> a Linux firewall (a very basic one) on SuSE LINUX 7.0. I read the SuSE
> Linux document regarding the firewall.rc.config file, and I have a
> question. If I follow this documentation and define my
> variables/parameters in this file do I need to do anything else (other than
> reboot) to make the firewall work?

This sounds like a good learning project. I'm a newbie to
firewall hands-on too - I put SuSEfirewall on an
internet-connected home workstation 2 weeks ago. I suggest
experimenting in a safe environment, and also reading the
technical doc enclosed with SuSEfirewall, usually called

SuSEfirewall-technical-english.txt

This explains how the rc.config settings are turned into
filter rules automatically.

Make sure the firewall package is installed - if it is you
will see console messages on its status when you go to
runlevel 2. (...see a unix or linux primer for runlevels -
among other things a simple tool to avoid rebooting)

... and the firewall is running. If the script has interpreted
your config correctly, all your intended filters should be
in place (but the script has no warranty, heh!)

> do I have to use
> the IPCHAINS utility and configure some filter rules, or am I through once
> I configure the firewall.rc.config file.

Yes you are through - you can try penetration testing it now
:-). Seriously before you go any further send a few packets
at it from your laptop with nmap or saint and see if they
are treated according to your plan.

The script actually automates the process of generating
commands for the ipchains utility, all behind the scenes.
Look at the list archives for various attempts people have
made at combining their own ipchains scripts with
SuSEfirewall - maybe that is useful but I never tried it.

Look behind the curtain at the wizard of oz - read
/sbin/SuSEfirewall
to see the neatly nested 'for' loops and realize we both have
a lot to learn.

dproc
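
Added example, not part of the original message or of SuSEfirewall: one way to check whether a test scan of your own firewall matches "your plan" is to compare nmap's grepable output (`-oG`) with the list of ports you intended to expose. The scan text, the address and the `PLAN` set below are constructed sample values.

```python
# Compare what a scan of your own firewall reports as open with what you planned.

# Constructed sample of nmap grepable (-oG) output; 192.0.2.10 is a documentation address.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, "
    "80/open/tcp//http///, 111/open/tcp//rpcbind///\tIgnored State: filtered (996)\n"
)

# Hypothetical plan: the only services meant to be reachable from outside.
PLAN = {(22, "tcp"), (80, "tcp"), (443, "tcp")}


def open_ports(grepable):
    """Return the set of (port, protocol) pairs the scan reports as open."""
    found = set()
    for line in grepable.splitlines():
        # Grepable output separates its fields ("Host:", "Ports:", ...) with tabs.
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            # Each entry looks like port/state/protocol/owner/service/rpc/version/
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    found.add((int(parts[0]), parts[2]))
    return found


def compare(plan, observed):
    """Report ports open but not planned, and ports planned but not open."""
    return {
        "unexpected_open": sorted(observed - plan),
        "not_reachable": sorted(plan - observed),
    }


if __name__ == "__main__":
    result = compare(PLAN, open_ports(SAMPLE_SCAN))
    for port, proto in result["unexpected_open"]:
        print(f"open but not in plan: {port}/{proto}")
    for port, proto in result["not_reachable"]:
        print(f"in plan but not open: {port}/{proto}")
```

A port that is open but not in the plan points at a filter rule that is missing or a config variable that was read differently than intended; a planned port that is not open usually means the service is down or the rule is too strict.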


