On Thursday 28 September 2006 1:33 am, Darryl Gregorash wrote:
On 27/09/06 21:07, Paul Abrahams wrote:
On Wednesday 27 September 2006 9:35 pm, Darryl Gregorash wrote:
<snip>
It should, however, be possible to set these in Security/Firewall (or Network/Firewall, depending on the Yast version).
That's just what I meant. I should have been clearer.
And now that I read again what I wrote above, I too should have been clearer.. that is what we *want*, but it isn't what we *get* :-)
What would be the best way to ask Novell to fix this? There's a help file for Susefirewall, /usr/share/doc/packages/SuSEfirewall2/EXAMPLES, that lists a number of scenarios, but not the very common one I'm dealing with. Your suggestion shows that there is a simple way of handling it. If your approach has any disadvantages or weaknesses, I haven't found them. For those not following the thread earlier, the scenario is a home network with several machines, each with a single network card cabled to a router such as a D-Link, Linksys, or Netgear. The router in turn is connected to a DSL or cable modem that interfaces to a broadband ISP. Communication among the machines on the network should be entirely uninhibited but communication with machines outside the network should be fully protected by the firewall. The solution is to set the /etc/sysconfig parameter FW_TRUSTED_NETS to the value 192.168.0.0/24 or 192.168.1.0/24, depending on the router and assuming the router does not have a nonstandard configuration. Paul Paul