-----BEGIN PGP SIGNED MESSAGE-----

Hi Anders!
The documentation in the SuSEfirewall2 script seems to be wrong. It should be "dns" not "domain", and ntp doesn't seem to be supported (at least I can't find it).
"DNS" is a special value you can use for
FW_ALLOW_INCOMING_HIGHPORTS_UDP. It will allow access to UDP
ports >= 1023 for the nameservers defined in /etc/resolv.conf only.
As for "UDP wide open": Did you consider the fact that every filtered
UDP port is reported as "open" by an nmap scan?
Andy
- --
Andreas J. Mueller email:
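
The policy described in the message above (high UDP ports reachable only from the nameservers in /etc/resolv.conf), sketched as an added example that is not part of the original e-mail and is not SuSEfirewall2's own code. The function names, the sample addresses and the default-DROP INPUT policy are assumptions; the script only prints the rules and does not apply them.

```shell
#!/bin/sh
# Added illustration, not SuSEfirewall2 code. Prints iptables rules only.

# Constructed sample resolv.conf (RFC 5737 documentation addresses).
SAMPLE_RESOLV_CONF='# constructed sample
search example.com
nameserver 192.0.2.53
nameserver 198.51.100.7
nameserver 192.0.2.53
nameserver 999.1.1.1
nameserver 2001:db8::53
options timeout:2'

# list_nameservers (hypothetical helper): read resolv.conf text on stdin and
# print each valid IPv4 nameserver once. IPv6 entries are skipped because the
# generated rules are for IPv4 iptables; malformed addresses are rejected.
list_nameservers() {
    awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
             n = split($2, o, "."); ok = (n == 4)
             for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
             if (ok) print $2
         }' | sort -u
}

# highport_udp_rules (hypothetical helper): one ACCEPT rule per nameserver for
# UDP destination ports >= 1023, the range given in the message. All other
# high-port UDP falls through to the assumed default DROP policy.
# The match is on source address only, as the message describes; adding
# "--sport 53" would narrow it to DNS replies (an assumption, not from the page).
highport_udp_rules() {
    list_nameservers | while read -r ns; do
        printf 'iptables -A INPUT -p udp -s %s --dport 1023:65535 -j ACCEPT\n' "$ns"
    done
}

# Show the rules for the constructed sample.
printf '%s\n' "$SAMPLE_RESOLV_CONF" | highport_udp_rules
```

To preview the rules for a real host, feed the live file instead: `highport_udp_rules < /etc/resolv.conf`.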