Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on my network, including the firewall-machine itse
  • From: "Sebastian J. Bronner" <waschtl@xxxxxxxxxxxx>
  • Date: Thu, 31 Jan 2002 01:42:52 -1000
  • Message-id: <200201311142.g0VBgqX28565@xxxxxxxxxxxxxxxxxx>
On Wednesday 30 January 2002 23:21, Steffen Dettmer wrote:
> I cannot imagine that SuSEfirewall2 states that eth0:0 is a
> device (otherwise it was a good idea not to use it :) SCNR). But
> maybe it's just some shorthand for something. Who knows.

I'm guessing that it should work either way.

> Now you are not constructive. And this is not a statement you are
> "allowed" to make as question maker. I spent my free time to try
> to help you, and you come with such things, this is not nice.

I are correct as well. I should accept the non-constructive with the
constructive. I guess that makes us even.

> What does this mean? You made a small script that sets up some

I didn't make it. It's taken verbatim from
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html
I don't trust it as much as I would trust SuSEfirewall's script, after all
SuSE (hopefully) spent a lot of time on it, working out all the different
contingencies.

> firewall rules? Why isn't this integrating nicely?

I put a symlink to it in /etc/init.d/boot.d/ so it starts on bootup, instead
of controlling it from /etc/rc.config (preferable) like SuSEfirewall{1,2}

> like "--source $home --dest ! $home --dev device"? In this case,
> the device usually shouldn't matter at all. I don't think it's
> very logical to do address translation "on" an interface. Well, at

As I have only marginal experience with firewalls, I cannot explain to you
why the configuration file is the way it is either.

> least you can now compare your rules with the rules generated by
> SuSEfirewall and adapt Sfw2 to your needs.

Perhaps. I guess I will keep hacking at it until it works (or SuSE releases
another version (whichever comes first)).
--
Sebastian J. Bronner
waschtl@xxxxxxxxxxxx
