Togan Muftuoglu wrote:
* Robbert Eggermont; on 04 Apr, 2004 wrote:
However, when I enable SuSEfirewall2 for this system (using YaST), the firewall (/etc/rc.d/rc5.d/S01SuSEfirewall2_init) blocks ("destination unreachable") all {dns, smb, nfs, nis} traffic until (S14SuSEfirewall2_setup) *after* the {smbfs, nfs, ypbind} services are started...
Yes, by design. If you look at section 1.3 Technical background, you will see that SuSEfirewall2_init calls the close function. I think the idea is that until all services are set up, any incoming connection attempts are closed. That is why the final stage comes after the setup stage. So SuSEfirewall2 actually runs 3 times before your actual protection is underway. Note that during the init stage, traffic generated by the computer is allowed to pass.
Indeed, but... the return traffic is blocked!?! The services I talk about above are *client* services, so they need to be able to interact with the server(s)... (At least, that's what I'm thinking. :-)

So, shouldn't the firewall be (more) completely set up before any network activity occurs (network related services are started)? I don't see any options to partly open up the firewall in the init stage (at least for the {dns, nfs, nis} server responses). Is there a way to do this (or should I do it differently)?

Thanks,
Robbert Eggermont
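
To see which services start while the firewall is still in the closed state discussed in this thread, the start links can be listed in boot order and filtered to those between SuSEfirewall2_init and SuSEfirewall2_setup. This is an added example, not part of the original messages or of SuSEfirewall2; the function name is hypothetical, and every sequence number in the sample listing other than S01 and S14 for the two firewall links is constructed.

```sh
#!/bin/sh
# Added example: report services whose start links run after
# SuSEfirewall2_init and before SuSEfirewall2_setup.
# Input: one link name per line on stdin, e.g. from `ls /etc/rc.d/rc5.d`.
# Exit status 2 means one of the two firewall links was not found.
services_in_closed_window() {
    # Start links are processed in lexical order, so sort byte-wise first.
    LC_ALL=C sort | awk '
        /^S[0-9][0-9]SuSEfirewall2_init$/  { win = 1; seen_init = 1; next }
        /^S[0-9][0-9]SuSEfirewall2_setup$/ { win = 0; seen_setup = 1; next }
        /^S[0-9][0-9]/ && win              { print substr($0, 4) }
        END { if (!seen_init || !seen_setup) exit 2 }'
}

# Constructed sample listing (not taken from a real system).
services_in_closed_window <<'EOF'
K08smbfs
S01SuSEfirewall2_init
S05network
S08portmap
S10nfs
S10smbfs
S11ypbind
S12sshd
S14SuSEfirewall2_setup
S15cron
EOF
```

On a live system the input would be `ls /etc/rc.d/rc5.d | services_in_closed_window`; any client service in the output (here nfs, smbfs and ypbind) is started before the setup stage has run.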