[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSEfirewall2 drop/reject on ip address




Could someone tell me how to configure SuSEfirewall2 to drop packets based
source address(s)/range?  Any help would be appreciated.

Take a look at the configuration file "/etc/sysconfig/SuSEfirewall2"

<quote>
## Type:        string
#
# 25.)
# Do you want to load customary rules from a file?
#
# This is really an expert option. NO HELP WILL BE GIVEN FOR THIS!
# READ THE EXAMPLE CUSTOMARY FILE AT /etc/sysconfig/scripts/SuSEfirewall2-custom
#
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
</quote>

in "/etc/sysconfig/scripts/SuSEfirewall2-custom" are examples which
may help you to meet your needs. Good place to block an address range
seems to be "fw_custom_after_antispoofing()".

hope that helps

the polarizer
http://www.codixx.de/polarizer.html



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here