Mailinglist Archive: opensuse-security (465 mails)

Re: [suse-security] firewall2 basics - how to allow a service only from trusted hosts?
  • From: David Smith <dsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Sun, 23 Dec 2001 15:59:08 +0000
  • Message-id: <20011223155908.L24709@xxxxxxxxxx>
On Sun, Dec 23, 2001 at 03:19:50PM +0100, Michael Zimmermann wrote:
> Greetings to all,
>
> could you please help me with some pointers - I'm a relatively fresh
> user of firewall2 and perhaps I'm getting some basic things wrong.
[snip]
> But now (I think) the service is accessible to everyone,
> the whole internet became the DMZ, and specifying the
> FW_TRUSTED_NETS is not needed at all -
> or am I wrong?

Yes, I think you're correct, you are making the port accessible to everyone.

The following works OK on my machine:

FW_TRUSTED_NETS="a.b.c.0/24,udp,123"

This restricts access to the NTP port to only machines which come within
the IP range used by my ISP's main servers - if someone has cracked them,
there are more important things to worry about than my machines... :-)

Stupid question - you are restarting the firewall scripts after making the
change to the config file, aren't you?

HTH...
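
An added example, not part of the reply above and not SuSEfirewall2 code: a small Python check that parses an FW_TRUSTED_NETS value and reports which source/protocol/port combinations it admits, plus entries that are broader than intended. It assumes whitespace-separated entries of the form net[,protocol[,port]] as in the line quoted in the reply; the addresses are constructed stand-ins from documentation ranges and all function names are hypothetical.

```python
import ipaddress

# Constructed sample value: 192.0.2.0/24 stands in for the elided "a.b.c.0/24".
SAMPLE = "192.0.2.0/24,udp,123 198.51.100.7,tcp,22"


def parse_trusted_nets(value):
    """Split an FW_TRUSTED_NETS string into (network, proto, port) tuples.

    Assumed format: whitespace-separated entries, each net[,protocol[,port]].
    Missing protocol or port is stored as None (meaning "any").
    """
    entries = []
    for item in value.split():
        parts = item.split(",")
        if len(parts) > 3:
            raise ValueError(f"too many fields in entry: {item!r}")
        net = ipaddress.ip_network(parts[0], strict=False)
        proto = parts[1].lower() if len(parts) > 1 else None
        port = parts[2] if len(parts) > 2 else None
        entries.append((net, proto, port))
    return entries


def is_trusted(entries, src, proto, port):
    """True if a packet from src to proto/port matches any trusted entry."""
    addr = ipaddress.ip_address(src)
    for net, e_proto, e_port in entries:
        if addr not in net:
            continue
        if e_proto is not None and e_proto != proto.lower():
            continue
        if e_port is not None and e_port != str(port):
            continue
        return True
    return False


def audit(entries):
    """Return warnings for entries that are wider than a per-service rule."""
    warnings = []
    for net, proto, port in entries:
        if net.prefixlen == 0:
            warnings.append(f"{net}: matches every source address")
        if proto is None:
            warnings.append(f"{net}: no protocol/port, not limited to one service")
    return warnings


if __name__ == "__main__":
    rules = parse_trusted_nets(SAMPLE)
    print(is_trusted(rules, "192.0.2.55", "udp", 123), audit(rules))
```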
