Hi,
I've setup the SuseFirewall2 on my web server, allowing access just via http and ssh, that was very easy with the GUI. Now if I need to block a specific domain, let say *.123.123.123, is
If one knows how, yes, it's easy. Alas, SuSE's firewall documentation is not well documented in that aspect. Besides IPv6 problems, the firewall itself is configured out of the box to deny nearly all network traffic, which is not very practicable for a typical Web/LAN Server box, indeed. This firewall even requires custom rules to allow unlimited access from the internal network to external networks, such as the Internet, go figure. Here's the only way how to do it with SuSE firewall: 1. Open /etc/sysconfig/scripts/SuSEfirewall2-custom in a text editor 2. Seek to the section "fw_custom_before_antispoofing()" 3. Enter your custom firewall rules. I.e., block a specific address: iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP Philippe Wiede Raphael Leplae wrote: there a simple way to do it in /etc/sysconfig/SuSEfirewall2 ?
I was expecting something like: FW_REJECT_IP="*.123.123.123" but nothing like that in the examples provided in /usr/share/doc/packages/SuSEfirewall2/
I guess there is a simple way to do it. Thanks in advance.
Raphael