[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Upgrading SLES9 Susefirewall2 to SuSE9.3



On Thursday 27 July 2006 21:58, Marcus Meissner wrote:
> On Thu, Jul 27, 2006 at 05:02:09PM -0800, John Andersen wrote:
> > On Thursday 27 July 2006 16:50, Michael James wrote:
> > > Susefirewall2 fills my logs with reports of dropped packets
> > >  as a stupid windows network monitor tries to talk SNMP.
> > >
> > > I've asked them to stop, but often "fixing the internet"
> > >  is not the easiest way to resolve problems.
> > >
> > > The SLES9 version of Susefirewall2 lacks the parameter
> > >  "FW_SERVICES_DROP_EXT="0/0,tcp,161"
> > > # Packets to silently reject without log message.
> > >
> > > So as I've done so often, I upgraded the SLES9 RPM.
> > > rpm -Fvh SuSEfirewall2-3.3-18.noarch.rpm
> > >
> > > Pulled a copy of  /etc/sysconfig/Susefirewall2
> > >  across from my 9.3 workstation and customised it.
> > > Rebooted and it seems to work fine.
> > > I'll give it a week and upgrade all the production boxes.
> > >
> > > Just wanted to share that, (and see if anyone knew why not...)
> > > michaelj
> >
> > SLES9 is an enterprise class server, but SuseFirewall is a
> > user class firewall tool.
>
> Susefirewall is not a user class firewall tool, sorry.

Oops, didn't mean to offend...

But it is missing too many features for production use
in large shops in MY opinion, and configuration is sort
of mysterious.

Those features it does have are sort of hard to figure out,
but I do use it for workstations.



-- 
_____________________________________
John Andersen

Attachment: pgpZnICySBb1h.pgp
Description: PGP signature