Hans wrote regarding '[SLE] SuSEfirewall2 misbehaving' on Thu, Aug 19 at 03:03:
Hello,
I have set up a backup file server for a client. They are putting it in an ISP on two live IPs (against my strong recommendation not to). I'm tired of fighting them about it, it's their problem now.
So I set up SuSEfirewall2. However, when I start SuSEfirewall2, it blocks off everything, even the ports I specified to be open.
It's running SUSE 9.1 Pro with kernel-smp-2.6.4-52. Everything is up to date through YOU except the kernel itself (as the kernel update renders the box non-bootable).
Any ideas? Is this SuSEfirewall2 making trouble, or is it kernel level? I didn't have this problem with any other boxen with 9.1 on the original release kernel (either default or smp).
If it is in fact SuSEfirewall2 at fault, what is the best way to set up iptables? I need ports 22 139 445 and 10000 open on both interfaces.
#!/bin/sh
IPTABLES="/usr/sbin/iptables"

# all output OK
# (-P takes the target directly, without -j)
$IPTABLES -F OUTPUT
$IPTABLES -P OUTPUT ACCEPT

# all forward bad
# (a chain policy can only be ACCEPT or DROP; REJECT is not accepted by -P)
$IPTABLES -F FORWARD
$IPTABLES -P FORWARD DROP

# most input bad, except for a few ports
$IPTABLES -F INPUT
$IPTABLES -P INPUT DROP
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 139 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 445 -j ACCEPT
# port 10000, matching the list of ports in the question
$IPTABLES -A INPUT -p tcp --dport 10000 -j ACCEPT
$IPTABLES -A INPUT -j DROP # yes, this is redundant.

--Danny