[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Upgrading SLES9 Susefirewall2 to SuSE9.3

On Thursday 27 July 2006 16:50, Michael James wrote:
> Susefirewall2 fills my logs with reports of dropped packets
>  as a stupid windows network monitor tries to talk SNMP.
> I've asked them to stop, but often "fixing the internet"
>  is not the easiest way to resolve problems.
> The SLES9 version of Susefirewall2 lacks the parameter
>  "FW_SERVICES_DROP_EXT="0/0,tcp,161"
> # Packets to silently reject without log message.
> So as I've done so often, I upgraded the SLES9 RPM.
> rpm -Fvh SuSEfirewall2-3.3-18.noarch.rpm
> Pulled a copy of  /etc/sysconfig/Susefirewall2
>  across from my 9.3 workstation and customised it.
> Rebooted and it seems to work fine.
> I'll give it a week and upgrade all the production boxes.
> Just wanted to share that, (and see if anyone knew why not...)
> michaelj

SLES9 is an enterprise class server, but SuseFirewall is a 
user class firewall tool.

Rip it out and install Shorewall. It is Vastly more powerful,
dramatically easier to use, better documented,and full of features.

John Andersen

Attachment: pgpagaHrvtU9V.pgp
Description: PGP signature