The Monday 2008-03-10 at 20:23 -0600, Boyd Lynn Gerber wrote:
On Mon, 10 Mar 2008, Carlos E. R. wrote:
The Monday 2008-03-10 at 17:21 +0100, Ludwig Nussel wrote:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
Provided that your network interface is in the external zone this should work fine.
I never could get the above to work properly. That is why I went to the rules in /etc/sysconfig/scripts/SuSEfirewall2-custom. They never failed me. Have you tried them?
That's what I used previously. But since installing 10.3 and seeing that cute syntax for FW_SERVICES_ACCEPT_EXT, I used that instead. So much easier!

So, yes, probably using the rule in ...custom still works fine. But the current problem is why that above "token" doesn't work as expected. Did it work and is now broken after some update? Did it never work? Are we using it wrong? If so, the doc is also wrong, I simply copy-pasted... Or perhaps it also does not work in ...custom (I haven't checked and I'm off to sleep now). Then iptables is broken and must be repaired.

Mmmm...? Maybe the trick is to define "FW_SERVICES_ACCEPT_EXT" and undefine any other "accept" rule. That is not documented if so!

--
Cheers, Carlos E. R.
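For reference when checking whether the token quoted in this thread took effect, here is an added example (not from any poster and not SuSEfirewall2's own code) that splits such a token and prints hand-written iptables `recent`-module rules with the same intent. The function name `token_to_rules`, the default chain `INPUT` and the field order net,protocol,dport,sport,flags are assumptions of this example.

```shell
#!/bin/sh
# Added example: print hand-written iptables "recent" rules for one
# FW_SERVICES_ACCEPT_EXT token. Nothing is executed.
# Assumed field order: net,protocol,dport,sport,flags (as in the quoted token).
# The chain name (default INPUT) is an assumption, not SuSEfirewall2's own.
token_to_rules() {
    chain=${2:-INPUT}
    set -f; oldifs=$IFS; IFS=,
    set -- $1                       # empty fields (",,") are preserved
    IFS=$oldifs; set +f
    if [ "$#" -lt 2 ]; then echo "need at least net,protocol" >&2; return 1; fi
    net=$1 proto=$2 dport=${3:-} sport=${4:-}
    if [ "$#" -ge 4 ]; then shift 4; else shift "$#"; fi
    hitcount='' blockseconds='' recentname=DEFAULT
    for flag in "$@"; do
        case $flag in
            hitcount=*)     hitcount=${flag#*=} ;;
            blockseconds=*) blockseconds=${flag#*=} ;;
            recentname=*)   recentname=${flag#*=} ;;
            *) echo "unknown flag: $flag" >&2; return 1 ;;
        esac
    done
    case "$hitcount$blockseconds" in
        *[!0-9]*) echo "hitcount/blockseconds must be numeric" >&2; return 1 ;;
    esac
    match="-s $net -p $proto"
    if [ -n "$dport" ]; then match="$match --dport $dport"; fi
    if [ -n "$sport" ]; then match="$match --sport $sport"; fi
    match="$match -m state --state NEW"
    if [ -z "$hitcount" ]; then
        echo "iptables -A $chain $match -j ACCEPT"
        return 0
    fi
    if [ -z "$blockseconds" ]; then echo "hitcount needs blockseconds" >&2; return 1; fi
    # Rule 1: drop when the source already has >= hitcount entries newer than
    # blockseconds; --update also records the dropped attempt.
    echo "iptables -A $chain $match -m recent --name $recentname --update --seconds $blockseconds --hitcount $hitcount -j DROP"
    # Rule 2: otherwise record this connection attempt and let it through.
    echo "iptables -A $chain $match -m recent --name $recentname --set -j ACCEPT"
}

# Token quoted in the thread; compare the printed rules with iptables-save output.
token_to_rules "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
```

If the running ruleset shows no `recent` match carrying the chosen list name for port 22, the rate limit from the token is not in effect, whatever other accept rules exist.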