Mailinglist Archive: opensuse-security (757 mails)

Firewall setup
Dear all

I have a SuSE 7.1 Professional running as a server, kernel 2.2.18, with Jakarta Tomcat serving HTML pages (port 8080), PostgreSQL (port 5432) and ssh (22).
I am trying to set up the firewall but I don't seem to be able to figure it out. What I want to do is deny all packets coming to the system, except allow everything for the website and allow ssh access only from specified IP addresses.
I enclose the part of the configuration responsible for that and I would like to know where I am going wrong.

# 9.)
# Which services ON THE FIREWALL should be accessible from either the internet
# (or other untrusted networks), the dmz or internal (trusted networks)?
# (see no.13 & 14 if you want to route traffic through the firewall)
#
# Enter all ports or known portnames below, separated by a space.
# TCP services (e.g. SMTP, WWW) must be set in FW_SERVICES_*_TCP, and
# UDP services (e.g. syslog) must be set in FW_SERVICES_*_UDP.
# e.g. if a webserver on the firewall should be accessible from the internet:
# FW_SERVICES_EXTERNAL_TCP="www"
# e.g. if the firewall should receive syslog messages from the dmz:
# FW_SERVICES_DMZ_UDP="syslog"
# For IP protocols (like GRE for PPTP, or OSPF for routing) you need to set
# FW_SERVICES_*_IP with the protocol name or number (see /etc/protocols)
#
# Choice: leave empty or any number of ports, known portnames (from
# /etc/services) and port ranges separated by a space. Port ranges are
# written like this, from 1 to 10: "1:10"
# e.g. "", "smtp", "123 514", "3200:3299", "ftp 22 telnet 512:514"
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
FW_SERVICES_EXTERNAL_TCP="22 8080" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="" # Common: domain
FW_SERVICES_EXTERNAL_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_DMZ_IP="" # For VPN/Routing which END at the firewall!!
#
FW_SERVICES_INTERNAL_TCP="22 25" # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="" # Common: domain syslog
FW_SERVICES_INTERNAL_IP="" # For VPN/Routing which END at the firewall!!
#
# 10.)
# Which services should be accessible from trusted hosts/nets on the internet?
#
# Define trusted networks on the internet, and the TCP and/or UDP services
# they are allowed to use.
#
# Choice: leave FW_TRUSTED_NETS empty or any number of computers and/or
# networks, separated by a space. e.g. "172.20.1.1", "172.20.0.0/16"
#
FW_TRUSTED_NETS="192.150.180.137" "192.150.180.138" "192.150.180.139" "192.150.180.140"
#
# leave FW_SERVICES_TRUSTED_* empty or any number of ports, known portnames
# (from /etc/services) and port ranges separated by a space.
# e.g. "25", "ssh", "1:65535", "1 3:5"
#
FW_SERVICES_TRUSTED_TCP="ssh" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_SERVICES_TRUSTED_IP="" # For VPN/Routing which END at the firewall!!

I think there is something wrong with the spacing in

FW_TRUSTED_NETS="192.150.180.137" "192.150.180.138" "192.150.180.139" "192.150.180.140"

Can someone help me?

Thanks

Marios
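Added example, not part of the thread or of the SuSE firewall package: a small POSIX sh lint run over two constructed fragments (not Marios's real file). The firewall config is shell syntax that the firewall script sources, so a value split into several quoted words is not one list but an assignment followed by a command name; the lint flags that, and also flags port 22 still being listed in FW_SERVICES_EXTERNAL_TCP, which opens ssh to everyone regardless of what FW_TRUSTED_NETS says.

```shell
#!/bin/sh
# Constructed sample configs written to temp files (assumption: mktemp and sed exist).
BROKEN=$(mktemp)
FIXED=$(mktemp)

# As posted: four separate quoted words, and 22 also opened to the whole internet
cat > "$BROKEN" <<'EOF'
FW_SERVICES_EXTERNAL_TCP="22 8080" # Common: smtp domain
FW_TRUSTED_NETS="192.150.180.137" "192.150.180.138" "192.150.180.139" "192.150.180.140"
FW_SERVICES_TRUSTED_TCP="ssh" # Common: ssh
EOF

# Corrected: one quoted, space-separated list; ssh reachable only via trusted nets
cat > "$FIXED" <<'EOF'
FW_SERVICES_EXTERNAL_TCP="8080"
FW_TRUSTED_NETS="192.150.180.137 192.150.180.138 192.150.180.139 192.150.180.140"
FW_SERVICES_TRUSTED_TCP="ssh"
EOF

# value_of FILE VAR: print what is inside the FIRST pair of quotes of VAR=... ,
# i.e. the only part a sourced shell file would actually store in VAR
value_of() {
  sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# quoted_once FILE VAR: 0 if the assignment is a single "..." string
# (trailing # comment ignored), 1 if anything else follows the first string
quoted_once() {
  line=$(grep "^$2=" "$1" | sed 's/[[:space:]]*#.*$//' | tail -n 1)
  rest=$(printf '%s\n' "$line" | sed "s/^$2=\"[^\"]*\"//")
  [ -z "$rest" ]
}

# port_in_list PORT LIST: 0 if PORT appears in the space-separated LIST
# (the name "ssh" is accepted as an alias for 22, as /etc/services maps it)
port_in_list() {
  for p in $2; do
    [ "$p" = "$1" ] && return 0
    [ "$1" = 22 ] && [ "$p" = ssh ] && return 0
  done
  return 1
}

# ssh_trusted_only FILE: 0 only if 22 is absent from EXTERNAL_TCP and
# present in TRUSTED_TCP, i.e. ssh is reachable solely from FW_TRUSTED_NETS
ssh_trusted_only() {
  port_in_list 22 "$(value_of "$1" FW_SERVICES_EXTERNAL_TCP)" && return 1
  port_in_list 22 "$(value_of "$1" FW_SERVICES_TRUSTED_TCP)"
}
```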
