[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSEfirewall2



Hi Robert,


Robert Uhl wrote:
> Hi,
> 
> I am currently dealing with the SuSEfirewall 9.3 and I hope that somebody knows more or figured out more about it then the pour documentation tries to do.
> I did work quiet a while on the iptables but this SuSE system really does not make a difference in terms of complexity. Sorry.
> 
> Is there any better documentation about it then you can find in /usr/share/doc/packages/SuSEfirewall2
> 
> I found these two scripts e.g.:

There are three of them ;-)

ls /etc/init.d/rc5.d/*fire*
/etc/init.d/rc5.d/K01SuSEfirewall2_final
/etc/init.d/rc5.d/K09SuSEfirewall2_setup
/etc/init.d/rc5.d/K21SuSEfirewall2_init
/etc/init.d/rc5.d/S01SuSEfirewall2_init
/etc/init.d/rc5.d/S13SuSEfirewall2_setup
/etc/init.d/rc5.d/S21SuSEfirewall2_final


> 
> SuSEfirewall2_init
> SuSEfirewall2_setup
> 

SuSE uses this to get around some Problems regarding Security
during the Boot-Process.

First closing everything, then, after Network config,
opening specific Ports/Interfaces.


IMHO there are two ways to handle SuSEfirewall.

a:)
   Let Yast do everything.

   Yes you have to configure Yast anyway ;-)
   Yast supports some Files for youre own rules.

b:)
   Deinstall SuSEfirewall and use something different.


Greetings
      Dirk   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
TRIA IT-consulting GmbH 
Joseph-Wild-Straße 20 
81829 München 
Germany 
Tel: +49 (89) 92907-0 
Fax: +49 (89) 92907-100  
http://www.tria.de 
 
 
Registergericht München HRB 113466 
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 
Geschäftsführer: Richard Hofbauer 
kaufm. Geschäftsleitung: Rosa Igl--------------------------------------------------------
Nachricht von: Dirk.Schreiner@xxxxxxx 
Nachricht an: RobertUhl@xxxxxx, suse-security@xxxxxxxx 
# Dateianhänge: 0 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here