Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] iptables [SuSEfirewall2]
>How can I add my own iptables rules, where can I find documentation on the
>structure of

edit the /etc/rc.config.d/firewall2-custom.rc.config script to add your own rules

>I have installed the system according to SuSE instructions but yet I'm
>confused on where
>can I add rules to control packet forwarding to particular IP addresses and

edit /etc/rc.config.d/firewall2.rc.config and check ->

# 15.)
# Which accesses to services should be redirected to a localport on the
# firewall machine?
# This can be used to force all internal users to surf via your squid proxy,
# or transparently redirect incoming webtraffic to a secure webserver.
# Choice: leave empty or use the following explained syntax of redirecting
# rules, separated by a space.
# A redirecting rule consists of 1) source IP/net, 2) destination IP/net,
# 3) protocol (tcp or udp), 4) original destination port and 5) local port to
# redirect the traffic to, separated by a colon. e.g.:
# ",0/0,tcp,80,3128 0/0,,tcp,80,8080"

# 13.)
# Which services accessed from the internet should be allowed to the
# dmz (or internal network - if it is not masqueraded)?
# With this option you may allow access to e.g. your mailserver. The
# machines must have valid, non-private, IP addresses which were assigned to
# you by your ISP. This opens a direct link to your network, so only use
# this option for access to your dmz!!!!
# Choice: leave empty (good choice!) or use the following explained syntax
# of forwarding rules, separated each by a space.
# A forwarding rule consists of 1) source IP/net and 2) destination IP
# separated by a comma. e.g. ",,"
# Optional is a protocol, separated by a comma, e.g. ",,igmp"
# Optional is a port after the protocol with a comma, e.g. "0/0,0/0,udp,514"
FW_FORWARD="" # Beware to use this!

But - as you can read - Beware to use this! - if you don't know what you're doing.

Michael Appeldorn
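The FW_FORWARD and FW_REDIRECT syntax quoted above, as an added example that is not part of the original post or of SuSEfirewall2 itself: a Python validator that parses both rule strings, lists the forwards the file comment warns about (destination not pinned to a host or net), and renders an iptables rule of the assumed equivalent shape. The exact rules the SuSEfirewall2 script generates are not reproduced here; the `to_iptables` output is an assumption for illustration.

```python
import ipaddress

def _net(field):
    """Network field: empty means 'any' in the file's syntax, '0/0' is its shorthand for all hosts."""
    if field in ("", "0/0"):
        return None if field == "" else "0.0.0.0/0"
    net = field if "/" in field else field + "/32"
    return str(ipaddress.ip_network(net, strict=False))  # ValueError on a malformed address

def _port(field):
    port = int(field)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {field}")
    return port

def parse_forward(value):
    """FW_FORWARD (item 13): 'src,dst[,proto[,port]]' entries separated by spaces."""
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        if not 2 <= len(parts) <= 4:
            raise ValueError(f"bad FW_FORWARD entry: {entry!r}")
        proto = parts[2] if len(parts) > 2 else None
        port = _port(parts[3]) if len(parts) > 3 else None
        if port is not None and proto not in ("tcp", "udp"):
            raise ValueError(f"port given without tcp/udp in {entry!r}")
        rules.append({"src": _net(parts[0]), "dst": _net(parts[1]), "proto": proto, "port": port})
    return rules

def parse_redirect(value):
    """FW_REDIRECT (item 15): 'src,dst,proto,port,localport' entries separated by spaces."""
    rules = []
    for entry in value.split():
        parts = entry.split(",")
        if len(parts) != 5 or parts[2] not in ("tcp", "udp"):
            raise ValueError(f"bad FW_REDIRECT entry: {entry!r}")
        rules.append({"src": _net(parts[0]), "dst": _net(parts[1]), "proto": parts[2], "port": _port(parts[3]), "to": _port(parts[4])})
    return rules

def wide_open_forwards(rules):
    """The 'Beware' case from the file comment: forwards whose destination is not pinned down."""
    return [r for r in rules if r["dst"] in (None, "0.0.0.0/0")]

def to_iptables(rule, redirect=False):
    """Equivalent iptables command (assumed shape; not what SuSEfirewall2 itself emits)."""
    cmd = ["iptables", "-t", "nat", "-A", "PREROUTING"] if redirect else ["iptables", "-A", "FORWARD"]
    cmd += [s for flag, key in (("-s", "src"), ("-d", "dst"), ("-p", "proto"), ("--dport", "port"))
            if rule[key] for s in (flag, str(rule[key]))]
    cmd += ["-j", "REDIRECT", "--to-ports", str(rule["to"])] if redirect else ["-j", "ACCEPT"]
    return " ".join(cmd)
```

Running `wide_open_forwards(parse_forward(...))` over the value in your own firewall2.rc.config shows which entries open more than a single DMZ host, which is what the "Beware" comment is about.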
