Mailinglist Archive: opensuse-security (125 mails)

< Previous Next >
Re: [suse-security] Upgrading SLES9 Susefirewall2 to SuSE9.3
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Thu, 27 Jul 2006 17:02:09 -0800
  • Message-id: <200607271702.17465.jsa@xxxxxxxxxxxxxx>
On Thursday 27 July 2006 16:50, Michael James wrote:
> Susefirewall2 fills my logs with reports of dropped packets
> as a stupid windows network monitor tries to talk SNMP.
> I've asked them to stop, but often "fixing the internet"
> is not the easiest way to resolve problems.
> The SLES9 version of Susefirewall2 lacks the parameter
> "FW_SERVICES_DROP_EXT="0/0,tcp,161"
> # Packets to silently reject without log message.
> So as I've done so often, I upgraded the SLES9 RPM.
> rpm -Fvh SuSEfirewall2-3.3-18.noarch.rpm
> Pulled a copy of /etc/sysconfig/Susefirewall2
> across from my 9.3 workstation and customised it.
> Rebooted and it seems to work fine.
> I'll give it a week and upgrade all the production boxes.
> Just wanted to share that, (and see if anyone knew why not...)
> michaelj

SLES9 is an enterprise class server, but SuseFirewall is a
user class firewall tool.

Rip it out and install Shorewall. It is Vastly more powerful,
dramatically easier to use, better documented,and full of features.

John Andersen
< Previous Next >
Follow Ups