Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on my nework, including the firewall-machine itse
On Thursday 31 January 2002 09:21, Steffen Dettmer wrote:
> * Sebastian J. Bronner wrote on Wed, Jan 30, 2002 at 02:03 -1000:
> > On Tuesday 29 January 2002 23:15, Steffen Dettmer wrote:

> Huh?! The example tells, "eth0:0" is a device? I think it's only
> some syntax for ifconfig and similar tools. There is no
> difference between eth0:0 and eth0 except the IP.

So the poster can filter on destination address, rather than interface, if
the netfilter code doesn't understand eth0:0 aliasing.

> Yes, you're right, not very constructive saying. But this is not
> entirely wrong. Single-NIC firewalls are no real firewalls, since
> they are not able to really drop any packets, since it's the same
> wire.

They're not entirely useless though, so long as he can be sure of the address
allocation of the protected hosts. A virtual subnet can be a useful
stepping stone towards a cleaner configuration; it's better than doing
nothing.

As for collisions, if he has a full duplex connection on a switching hub,
that is hardly going to be a problem.

> like "--source $home --dest ! $home --dev device"? In this case,
> the device usually shouldn't matter at all. I don't think it's

Choose either rules based on addresses, or rules based on devices, but be
consistent.

Rob
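
An added example, not part of the original message or of SuSEfirewall2: a small shell/awk pass over iptables-save style rules that applies the suggestion above, replacing an alias label after `-i` with the parent device plus a `-d` match on the alias address. The alias map, addresses and sample rules are constructed, and the function name `rewrite_alias_rules` is hypothetical; only INPUT rules are converted, on the assumption that such a rule was meant to catch traffic addressed to the alias IP.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and rules are constructed.
# Hypothetical map of alias label to the address configured on it.
ALIAS_MAP='eth0:0=192.168.10.1 eth0:1=192.168.20.1'

# Constructed rules in iptables-save style.
SAMPLE_RULES='-A INPUT -i eth0:0 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0:1 -d 10.0.0.5 -j DROP
-A FORWARD -i eth0 -o eth0:1 -j DROP
-A INPUT -i eth0:2 -j DROP
-A INPUT -i lo -j ACCEPT'

# rewrite_alias_rules MAP RULES
# Turns "-i <alias>" into "-i <parent> -d <alias address>" on INPUT rules.
# Anything it cannot convert safely is kept and tagged "# REVIEW".
rewrite_alias_rules() {
    printf '%s\n' "$2" | awk -v map="$1" '
    BEGIN {
        # Load "alias=address" pairs into addr[alias].
        n = split(map, pairs, " ")
        for (i = 1; i <= n; i++) {
            eq = index(pairs[i], "=")
            addr[substr(pairs[i], 1, eq - 1)] = substr(pairs[i], eq + 1)
        }
    }
    {
        out = $1; why = ""; has_d = 0
        for (i = 2; i <= NF; i++) if ($i == "-d") has_d = 1
        for (i = 2; i <= NF; i++) {
            tok = $i; flag = $(i - 1)
            # An interface name containing ":" is an alias label.
            if ((flag == "-i" || flag == "-o") && index(tok, ":") > 0) {
                parent = substr(tok, 1, index(tok, ":") - 1)
                if (flag == "-o" || $2 != "INPUT") why = "only -i on INPUT is converted"
                else if (i > 2 && $(i - 2) == "!") why = "negated match"
                else if (has_d) why = "rule already has -d"
                else if (!(tok in addr)) why = "no address known for " tok
                else tok = parent " -d " addr[tok]
            }
            out = out " " tok
        }
        print out (why != "" ? "  # REVIEW: " why : "")
    }'
}

rewrite_alias_rules "$ALIAS_MAP" "$SAMPLE_RULES"
```

Rules tagged `# REVIEW` are left unchanged so that the rewrite never silently widens or narrows what a rule matches.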
