* FX Fraipont;
# FW_MASQ_NETS="0/0"
????? It would be better, in my opinion, to say which networks are masqueraded, i.e. 192.168.1.0/24; much safer.
# For FW_SERVICES_*_IP enter the protocol name (like "igmp") or number ("2")
#
# Common: smtp domain
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
http and 80, smtp and 25:
just say "www smtp", and if you are using telnet, why bother with ssh?
# Common: domain
FW_SERVICES_EXT_UDP="www"
www is TCP not UDP
#
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
"ssh smtp 26 143 www"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
^^^^ 143 is not a highport
# Common: "DNS" or "domain ntp", better is "yes" to be sure ...
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
I would have put just "DNS"; that makes it more secure.
# if everything still works. (It should!) ;-)
#
# Choice: "yes" or "no", if not set defaults to "yes"
#
FW_KERNEL_SECURITY="no"
yes is much better

This is my opinion; your mileage may vary.

--
Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx
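
Added example, not part of the original message and not SuSEfirewall2's own code: a small Python lint that applies the checks from the review above to the quoted settings. The service-name table, the sample text, the function names and the wording of the findings are all constructed for this example.

```python
import re

# Constructed subset of /etc/services covering the names in the quoted config.
SERVICES = {"http": 80, "www": 80, "smtp": 25, "pop3": 110,
            "ssh": 22, "telnet": 23, "domain": 53, "ntp": 123}

# Constructed sample: the settings quoted in the message above.
SAMPLE = '''
FW_MASQ_NETS="0/0"
FW_SERVICES_EXT_TCP="http 80 pop3 smtp 25 ssh telnet "
FW_SERVICES_INT_TCP="ssh smtp 25 26 143 www 80"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="2500 143"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_KERNEL_SECURITY="no"
'''

def parse(text):
    """Return {NAME: value} for every uncommented NAME="value" line."""
    pairs = re.findall(r'^\s*([A-Z0-9_]+)="([^"]*)"', text, re.M)
    return dict(pairs)

def lint(cfg):
    """Return (variable, finding) pairs for the issues raised in the review."""
    out = []
    for key, val in cfg.items():
        toks = val.split()
        if key == "FW_MASQ_NETS" and "0/0" in toks:
            out.append((key, "masquerades any source; name the internal subnet"))
        if key == "FW_KERNEL_SECURITY" and val == "no":
            out.append((key, "set to no; the reply recommends yes"))
        if key.startswith("FW_SERVICES_"):
            seen = {}  # port number -> first token that named it
            for t in toks:
                port = int(t) if t.isdigit() else SERVICES.get(t)
                if port in seen:
                    out.append((key, f"{t} repeats {seen[port]}"))
                elif port is not None:
                    seen[port] = t
            if {"ssh", "telnet"} <= set(toks):
                out.append((key, "telnet exposed alongside ssh"))
        if key.startswith("FW_ALLOW_INCOMING_HIGHPORTS_"):
            if val == "yes":
                out.append((key, "yes is the broadest choice; list services"))
            out += [(key, f"{t} is below 1024") for t in toks
                    if t.isdigit() and int(t) < 1024]
    return out

if __name__ == "__main__":
    for var, msg in lint(parse(SAMPLE)):
        print(f"{var}: {msg}")
```

Run against the real file by passing its contents to `parse()`; unknown service names are skipped rather than guessed.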