Mailinglist Archive: opensuse-security (81 mails)

Stateful packet inspection in SuSEfirewall2
  • From: <pronco@xxxxxxxxxxxx>
  • Date: Fri, 17 Feb 2006 10:15:35 -0300
  • Message-id: <bnev4owB.1140182135.5619050.pronco@xxxxxxxxxxxxxxxxx>

Is there any way to configure stateful packet inspection rules in
SuSEfirewall2 for masquerade networks? When I configure a rule in
FW_MASQ_NETS in order to allow traffic from the outside to the DMZ, I
also have to configure a rule for responses.

Example: Incoming traffic to my web server in a DMZ with private addresses


I also need to set up the following rules in order to let responses out


This rule permits not only established sessions, but additionally it
allows my web server to establish connections to the outside world.

Don’t know why the FW_FORWARD rules are stateful as I want, but the
FW_MASQ_NETS ones aren’t.

Any suggestion?
Is it possible to match the SYN, ACK and FIN TCP bits with SuSEfirewall2?

Thanks in advance.
Pablo Ronco
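
The difference the message describes, as an added example that is not part of the original post and is not SuSEfirewall2 code: a small Python model comparing a stateless reply rule, a TCP-flag rule and a connection-tracking rule on the same outbound traffic. The addresses, ports and rule functions are constructed for illustration, and address translation is left out of the model.

```python
from collections import namedtuple

# Constructed addresses: DMZ web server (private) and two outside hosts.
WEB, CLIENT, OTHER = "192.168.10.2", "198.51.100.7", "203.0.113.9"
Pkt = namedtuple("Pkt", "src sport dst dport flags")

def stateless_reply_rule(pkt, _table):
    """Permit anything the web server sends out (the behaviour described above)."""
    return pkt.src == WEB

def flag_rule(pkt, _table):
    """Permit outbound packets unless they open a connection (SYN without ACK)."""
    return pkt.src == WEB and not ("SYN" in pkt.flags and "ACK" not in pkt.flags)

def stateful_rule(pkt, table):
    """Permit outbound packets only if they answer a tracked inbound connection."""
    return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in table

def run(outbound_rule, packets):
    """Return one verdict per packet; inbound to WEB:80 is allowed and tracked."""
    table, verdicts = set(), []
    for p in packets:
        if p.dst == WEB:
            ok = p.dport == 80
            if ok and p.flags == {"SYN"}:
                table.add((p.src, p.sport, p.dst, p.dport))
        else:
            ok = outbound_rule(p, table)
        verdicts.append(ok)
    return verdicts

# Constructed traffic: a client handshake, then two packets nobody asked for.
TRAFFIC = [
    Pkt(CLIENT, 40000, WEB, 80, {"SYN"}),          # client opens HTTP
    Pkt(WEB, 80, CLIENT, 40000, {"SYN", "ACK"}),   # legitimate reply
    Pkt(WEB, 33000, OTHER, 25, {"SYN"}),           # server opens a new connection
    Pkt(WEB, 80, OTHER, 5555, {"ACK"}),            # bare ACK, no matching session
]

if __name__ == "__main__":
    for rule in (stateless_reply_rule, flag_rule, stateful_rule):
        print(f"{rule.__name__:22}", run(rule, TRAFFIC))
```

Matching on the SYN and ACK bits alone stops the server from opening connections but still passes the unsolicited ACK; only the connection-tracking rule drops both.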
