
Hi,

I'm trying to enable masquerading on a server to allow some internal hosts to access the internet. From reading the included EXAMPLES file and the documentation of SuSEfirewall2, I have set up the following variables:

    FW_DEV_EXT="eth0"
    FW_DEV_INT="eth1"
    FW_ROUTE="yes"
    FW_MASQUERADE="yes"
    FW_MASQ_NETS="192.168.10.0/24"

But just setting FW_MASQUERADE="yes" will open up access to the internet to all of the internal network. From what I have read, this shouldn't be the correct behavior, because then FW_MASQ_NETS wouldn't make much sense.

For now, to be able to block access to the internet for the entire network, I have to do it like this:

    FW_MASQ_NETS="!0/0 192.168.10.0/24"

Then it works: access to all subnets is disallowed, and then I allow the subnet I want. AFAIK this shouldn't be necessary; access to the internet shouldn't be allowed by default.

Am I missing something? This is on openSUSE 12.1.

Cheers,
--
JLB