For the desperate:

SuSEfirewall2 v0.3 is available for testing from www.suse.de/~marc

It installs without problem with a SuSEfirewall(1) installation; the only
variable shared is the START_FW variable (well, with the result that both
firewalls will try to start when booting ;-)

Please note: due to my current network probs at home I could not make real
tests. So everyone who can check features, and if possible send me a fix for
something which is not working - that would be great!!

Q: What changed from SuSEfirewall(1) to SuSEfirewall2?
A: Many things. Most important: it uses iptables (which is especially for
   2.4 kernels) instead of ipchains.

Visible changes:
  - New commandline option "debug" which prints out the iptables commands,
    great to print the rules, and then modify them to your liking!
  - Added the new options:
      FW_ALLOW_CLASS_ROUTING - allow routing between interfaces of the same
                               class, e.g. two internal networks
      FW_ALLOW_FW_BROADCAST  - allow broadcast packets to reach the firewall
      FW_ALLOW_PING_EXT      - allow the internal/dmz to ping the internet
      FW_SERVICE_AUTODETECT  - autodetect START_{NAMED,SMB,DHCPD} and DHCLIENT
  - Renamed some variables, removed some, changed syntax (small changes)
  - All forward, masquerading, trust definitions can now be very global or
    very fine-grained as you need it
  - The logging looks different - hell this is iptables :-(
  - It takes a bit longer to create the complex ruleset :-(

Invisible changes:
  - A packet has to traverse far fewer rules, so packet processing is faster
  - Stateful packet checking is present now (thanks to the 2.4 kernel)
  - More intelligent ICMP filtering and identd rejection

Greets,
Marc

--
Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: marc@suse.de   Function: Security Research and Advisory
PGP: "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE 16 D9 70 D4 87 B5 63 6C
Private: http://www.suse.de/~marc   SuSE: http://www.suse.de/security