Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
RE: [suse-security] Re: firewall help..
  • From: "Gilmore, Eric" <egilmore@xxxxxxxxxxxxxxx>
  • Date: Tue, 2 Mar 2004 13:52:26 -0500
  • Message-id: <F79E26BFE28DBF438188F34397CD0FED06493E86@xxxxxxxxxxxxxxxxx>
This is only the beginning of the script. I wanted to make sure
everything worked before I locked it down, that's all.

-----Original Message-----
From: Stefan Tichy [mailto:nobody@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, March 02, 2004 1:05 PM
To: suse-security@xxxxxxxx
Subject: [suse-security] Re: firewall help..


On Tue, Mar 02, 2004 at 05:51:52PM +0100, maarten van den Berg wrote:
> On Tuesday 02 March 2004 17:05, Gilmore, Eric wrote:
> > Can anyone give me a clue? The basics are:

> Hm... reading on I notice you don't use the Suse firewall filter. Why

> not ?

The listing of iptables rules looks strange. There is an allow policy
and there are lots of allow rules, but nothing is denied. There are LOG
targets at the end. They will not log anything because the pakets have
already been accepted.

The rule specifications for POSTROUTING chain are probably uneccessary.
I am not shure, because I did not really find out what you are trying to
do.

Maybe it is easier to use the SuSE firewall script to generate the
iptables rules (that is what SuSE firewall does).


> > -afp (apple) connections from anywhere
>
> See samba, the services are fairly similar.

In addition to the filter rules it is neccessary to allow the connection
with some /etc/hosts.allow entry.


--
Stefan Tichy ( s.list at pi4tel dot de )

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here


< Previous Next >
This Thread
  • No further messages