
Re: [suse-security] iptables SuSEfirewall2



I don't use SuSEfirewall myself. I think any modifications 
you make to the netfilter structure in the kernel will be 
applied instantly. Once SuSEfirewall has run and set up your 
initial firewall, you may get away with just poking your 
own iptables rules directly into the firewall with a bash 
shell script something like:

#! /bin/bash

# list current status of FILTER table
 iptables -L -v

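# poke your new firewall rules into the input filter here
# (/16 covers 172.16.0.0-172.16.255.255, the range asked about;
#  /32 would match only the single address 172.16.0.0)
 iptables -I INPUT -s 172.16.0.0/16 -j DROP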

# list new status of FILTER table
 iptables -L -v

# exit with a valid code
 exit 0

HTH

Keith

------------------------------------------------------------
http://www.karsites.net
http://www.raised-from-the-dead.org.uk

This email address is challenge-response protected with
http://www.tmda.net
------------------------------------------------------------

On Thu, 9 Nov 2006, Wade Grant wrote:

> To:  <suse-security@xxxxxxxx>
> From: Wade Grant <WGrant@xxxxxxxxxxxxx>
> Subject: [suse-security] iptables SuSEfirewall2
> 
> I know that SuSEfirewall uses iptables, but for example I 
> want to make an entry for iptables -I INPUT -s 
> 172.16.0.0/32 -j DROP. Basically I want to drop any 
> connections from the 172.16.0.0-172.16.255.255 network 
> coming to a sendmail server. With the YaST and 
> SuSEfirewall scripts managing the iptables, where will I 
> put my entry in and how do I make iptables read the new 
> entry? I tried issuing the above from the command line but 
> I don't know how SuSE likes to restart to read the new 
> entry. Help would be appreciated.
> 
> wade G.
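
Added example (not part of either poster's message): the rule quoted in the question uses 172.16.0.0/32, which matches one address, while the range it describes, 172.16.0.0-172.16.255.255, is 172.16.0.0/16. The POSIX shell helpers below, whose names are invented for this example, compute the range an iptables "-s ADDR/PREFIX" match covers; 172.16.40.7 is a constructed sample host.

```shell
#!/bin/sh
# Added example: which source addresses does "-s ADDR/PREFIX" match?
# Helper names are hypothetical; nothing here touches the live firewall.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1                      # split the address on dots
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Convert a 32-bit integer back to dotted-quad notation.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "first-last" for the block ADDR/PREFIX.
cidr_range() (
    addr=${1%/*}
    prefix=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    first=$(( $ip & $mask ))
    last=$(( $first | (~$mask & 0xFFFFFFFF) ))
    echo "$(int_to_ip "$first")-$(int_to_ip "$last")"
)

# Succeed if address $1 lies inside block $2.
in_cidr() (
    range=$(cidr_range "$2")
    ip=$(ip_to_int "$1")
    [ "$ip" -ge "$(ip_to_int "${range%-*}")" ] &&
        [ "$ip" -le "$(ip_to_int "${range#*-}")" ]
)

# Constructed sample host inside the network the question wants blocked.
for block in 172.16.0.0/32 172.16.0.0/16; do
    if in_cidr 172.16.40.7 "$block"; then
        verdict="matched (DROP)"
    else
        verdict="not matched"
    fi
    echo "$block covers $(cidr_range "$block"); 172.16.40.7 is $verdict"
done
```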
