Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] How do I put a hole in Firewall2 for ssh2?
  • From: Michael Zimmermann <zim@xxxxxxxx>
  • Date: Wed, 25 Sep 2002 01:56:31 +0200
  • Message-id: <200209250154.32897.zim@xxxxxxxx>
On Wednesday, 25 September 2002 01:10 Cyndy Bresloff wrote:
> Please bear with me, but I've tried to find an answer to this
> question on the suse pages, to no avail.

No problem, ma'am. .o)

> I am running the Firewall2 from SuSE on a 7.1 SuSE system,
> and I have ssh2 installed; but it doesn't work. I tried to
> modify the firewall2 script for it to work, but I am doing
> something wrong. Any advice or pointers as to what to read
> about this, would be most helpful.

No need to change the script itself; change the configuration
file for the firewall2 instead. On your machine, it's
/etc/rc.config.d/firewall2.rc.config, I think (on SuSE 8.0
it would be /etc/sysconfig/SuSEfirewall2).

The configuration file is full of comments. If you read it
while filling in the appropriate variables, you should get the
idea.

Assuming that you want ssh access from outside to the firewall
machine itself, just add 'ssh' to FW_SERVICES_EXT_TCP, so that
it may read for example

FW_SERVICES_EXT_TCP="ssh smtp domain www"


You can also handle that in such a way that you allow only
a certain host (or network) to use ssh from the outside.
Then you would use FW_TRUSTED_NETS instead, e.g. by
specifying

FW_TRUSTED_NETS="111.222.33.44,tcp,ssh"

or the like (you may specify several hosts, networks or
services separated by spaces).


Greetings
--
Michael Zimmermann (http://vegaa.de)
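
An added example, not part of the original mail or of SuSEfirewall2 itself: a small audit script that reads the two variables discussed above and reports whether ssh is open to everyone (FW_SERVICES_EXT_TCP), limited to named sources (FW_TRUSTED_NETS), or closed. The function names, the output strings and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report how ssh is exposed by a SuSEfirewall2-style config.

# get_var FILE NAME: print the value of the last uncommented NAME="..." line.
get_var() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*/\1/p" "$1" | tail -n 1
}

# ssh_exposure FILE: print open-to-all, restricted:<sources>, or closed.
ssh_exposure() {
    ext=$(get_var "$1" FW_SERVICES_EXT_TCP)
    trusted=$(get_var "$1" FW_TRUSTED_NETS)
    # ssh listed as an external service means any outside host may connect.
    for svc in $ext; do
        case $svc in
            ssh|22) echo "open-to-all"; return 0 ;;
        esac
    done
    sources=""
    for entry in $trusted; do
        case $entry in
            *,tcp,ssh|*,tcp,22) sources="$sources ${entry%%,*}" ;;
            *,*) ;;  # entry limited to some other protocol or port
            *) sources="$sources $entry" ;;  # assumption: a bare host/net is trusted for every service
        esac
    done
    if [ -n "$sources" ]; then
        echo "restricted:${sources# }"
    else
        echo "closed"
    fi
}

# Constructed sample config (not taken from a real host).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# FW_SERVICES_EXT_TCP="ssh"   <- commented out, so it is ignored
FW_SERVICES_EXT_TCP="smtp domain www"
FW_TRUSTED_NETS="111.222.33.44,tcp,ssh 10.0.0.0/8,tcp,www"
EOF
ssh_exposure "$demo"
rm -f "$demo"
```

Run it against a copy of the real configuration file by calling ssh_exposure with that path; port ranges in the variables are not interpreted.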


