* Anders Johansson;
On Thursday 31 October 2002 00.18, Togan Muftuoglu wrote:
Sorry Anders, but I cannot make that out from the script. Where do you read this in the code for this interpretation? My understanding is the other way around: here you need to place ports >1023.

OK, just to make this clear so I can have the documentation accordingly:
    [Dd][Nn][Ss]) OPEN_DNS=yes

    test "$OPEN_DNS" = yes && {
        test -z "$NAMESERVERS" && \
            echo 'Warning: No nameservers in /etc/resolv.conf!'
        for k in $NAMESERVERS; do
            test "$k" = 127.0.0.1 || for CHAIN in input_int input_dmz input_ext; do
                $LAA $IPTABLES -A $CHAIN -j LOG ${LOG}"-ACCEPT " -p udp -s $k --sport 53 --dport 1024:65535
This is when [Dd][Nn][Ss] matches, i.e. for FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS", which is the default in the config file. Then it will read the $NAMESERVERS array, which holds the nameserver addresses placed in /etc/resolv.conf, and for each of them except 127.0.0.1 allow the connection. For example, when I have 212.156.4.4 in my /etc/resolv.conf, this code becomes:

    $LAA $IPTABLES -A $CHAIN -j LOG ${LOG}"-ACCEPT " -p udp -s 212.156.4.4 --sport 53 --dport 1024:65535
                # guess this has to be state NEW because the outgoing packet was not seen when
                # doing autodialing... XXX - or?
                $IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state NEW,ESTABLISHED,RELATED -p udp -s $k --sport 53 --dport 1024:65535
            done
        done
    }
Again, $k would be 212.156.4.4 in this case.

Maybe I am mistaken.
> The documentation in the SuSEfirewall2 script seems to be wrong. It should be "dns" not "domain", and ntp doesn't seem to be supported (at least I can't find it).
No, domain is correct; just do a grep dns /etc/services.

Now, for the second part, where the FW_ALLOW_INCOMING_UDP ports are used, I'll try to see the {input_int} chains and try to follow from there on. So this part is still not clear.

-- 
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
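As an added example (not code from the SuSEfirewall2 script or from either poster in this thread), the following POSIX shell reproduces what the FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" branch discussed above generates: it reads nameservers from a constructed /etc/resolv.conf, skips 127.0.0.1, and prints, rather than executes, the LOG/ACCEPT rule pair for each nameserver on each of the three input chains. The log-prefix text, the hard-coded chain names, and the sample nameserver addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from SuSEfirewall2 or from this thread: prints the
# iptables rules the FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS" branch would emit
# for a given resolv.conf. Rules are printed, not executed, so no root or
# iptables binary is needed.

# Constructed sample input (not a real host's /etc/resolv.conf).
SAMPLE_RESOLV_CONF='# constructed for this example
nameserver 127.0.0.1
nameserver 212.156.4.4
search example.net'

# Print the address following each "nameserver" keyword read from stdin.
parse_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Emit the LOG and ACCEPT rule for every nameserver on every input chain,
# skipping 127.0.0.1 as the script does. Arg 1: resolv.conf contents.
# Returns 1 (after a warning on stderr) when no nameserver is present.
dns_highport_rules() {
    IPTABLES=iptables                           # printed only, never run
    LOG_PREFIX='--log-prefix "SFW2-ACCEPT "'    # assumed prefix text
    NAMESERVERS=$(printf '%s\n' "$1" | parse_nameservers)
    if [ -z "$NAMESERVERS" ]; then
        echo 'Warning: No nameservers in /etc/resolv.conf!' >&2
        return 1
    fi
    for k in $NAMESERVERS; do
        [ "$k" = 127.0.0.1 ] && continue
        for CHAIN in input_int input_dmz input_ext; do
            echo "$IPTABLES -A $CHAIN -j LOG $LOG_PREFIX -p udp -s $k --sport 53 --dport 1024:65535"
            # NEW is matched as well, so no prior outgoing query is required
            # for a datagram from $k:53 to be accepted on any port above 1023.
            echo "$IPTABLES -A $CHAIN -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -p udp -s $k --sport 53 --dport 1024:65535"
        done
    done
}

# Number of ACCEPT rules produced for a resolv.conf text; 0 when none.
count_accept_rules() {
    dns_highport_rules "$1" 2>/dev/null | grep -c -- '-j ACCEPT '
}

# Stand-alone run: show the rules for the constructed sample.
dns_highport_rules "$SAMPLE_RESOLV_CONF"
```

With the sample above the script prints two rules per chain for 212.156.4.4 and nothing for 127.0.0.1, six rules in all. Because the ACCEPT rule matches state NEW (the reason given in the script's own comment is autodialing, where the outgoing query is not seen), any UDP datagram whose source address is the configured nameserver and whose source port is 53 is accepted to every port above 1023, not only genuine replies to the host's own queries; that is the trade-off worth noting when documenting this option.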