Re: [suse-security] Cipe starts before firewalldaemon on SuSe-Live CD

[Alex <xander.r@xxxxxx>]

On Thu, 2003-09-11 at 11:58, Jan Frederik Pielhau wrote:
> Hi there.
> 
> We've got a SuSe Linux Firewall on CD 2 and use CIPE to connect a branch office.
> Because the remote network is on a dialup-line, we use the cipe's ip-up script to
> insert some iptables rules for the network connection between the LANs.
Why do you put the iptables rules in the cipe script? You have to create
a cipe chain in the firewall script; with fas GUI is very simple: go to
IP-Filter and NAT menu, choose Expert Configuration and New Chain in IP
Filter Menu, add your rules there.
For example you could create 2 chains: one that accepts the key from
your peer and another that forwards the traffic between the 2 lans
trough the cipe interface; the first will be added in the INPUT chain
and the second in the FORWARD chain.
Don't forget to start cipe deamon by hand on the floppy in
/etc/rc.config

Anyway I suggest you to join the suse-fwoncd list:
http://lists.suse.com/archive/suse-fwoncd/

Ciao




-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here