Have you configured that firewall? No firewall comes preconfigured (I know marketing departments love the saying "one size fits all", but they never fit properly).
Yes, I just initially configured it using YaST.
Because I am paranoid, I deliberately force internal machines to go through a Linux gateway which is SuSEfirewalled, and internal machines are not trusted; they are limited in what they can do. The gateway machine is then connected to a Cisco router with access lists in control also. And this is my home network (I am not saying buy a Cisco router, but make sure you have tight firewall rules applied on your border router).
Well, I think at present I wouldn't be able to do so much with my network, but after some reading I started to edit (with vim) /etc/sysconfig/SuSEfirewall2 and then run /sbin/SuSEfirewall2 stop and start.
Sorry about my ignorance, and thanks in advance!
Night-time reading assignment for you:
http://www.oreilly.com/catalog/fire2/ is the book and the sample chapter is http://www.oreilly.com/catalog/fire2/chapter/ch13.html
I will order that book! I'm going to ask what is probably a trivial question, but sometimes these types of little details are hard to pick up from literature: As you know, for the SuSEfirewall2 I need to provide the type of device pointing to the external (unprotected) network and the device pointing to the internal ("trusted") network. If my computer is not connecting directly to the DSL modem but through a firewall-router that deals with the PPPoE (sorry if I misspelled it), I wonder which is my external interface then and which my internal one. I set both to be eth0, but when I start the firewall I get that because "192.168.0.*/255.255.255.0 is internal and external, no spoof protection possible from internal". On the other hand, when I leave the external one empty the firewall also starts but tells me that it needs to know which is the external interface. So, in this setting (machine connecting through eth to a router-firewall-DHCP server), which are the internal/external interfaces of the machine? Thanks for helping me understand this little issue. Greetings! Felipe.