
Re: [suse-security] iptables SuSEfirewall2



> I know that SuSefirewall uses iptables but for example I want to make an
> entry for
> iptables -I INPUT -s 172.16.0.0/32 -j DROP
> Basically I want to drop any connections from the
> 172.16.0.0-172.16.255.255 network coming to a sendmail server.
> With the Yast and SuSefirewall scripts managing the iptables
> where will I put my entry in and how do I make iptables read the new entry?
> I tried issuing the above from the command line but I don't know how
> Suse likes to restart to read the new entry.
> Help would be appreciated.
>

If you want to load custom iptables rules into SuSEfirewall2, uncomment the

#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

line in /etc/sysconfig/SuSEfirewall2 and then put your iptables rules into
the appropriate hook in /etc/sysconfig/scripts/SuSEfirewall2-custom.

However, it's possible you could do something like:

FW_SERVICES_DROP_EXT="172.16.0.0/32,tcp"

to do what you want in SuSEfirewall2 itself. I haven't tested that though;
read the comments in /etc/sysconfig/SuSEfirewall2.

Benjamin Weber
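
Added example (not part of the original post and not SuSEfirewall2's own file): a custom-rules file for the FW_CUSTOMRULES approach described in the reply above. The hook name fw_custom_before_port_handling is assumed from the stock template and BLOCKED_SOURCES is a hypothetical variable; 172.16.0.0/16 is the CIDR form of the 172.16.0.0-172.16.255.255 range named in the question.

```shell
# /etc/sysconfig/scripts/SuSEfirewall2-custom
# Sourced by SuSEfirewall2 once FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2
# is uncommented and points at this file.

# Source networks to drop, space separated (hypothetical variable name).
# 172.16.0.0/16 covers 172.16.0.0 through 172.16.255.255;
# a /32 suffix would match the single address 172.16.0.0 only.
BLOCKED_SOURCES="172.16.0.0/16"

# Hook name assumed from the stock template; check the comments in your
# own SuSEfirewall2-custom for the hooks your version provides.
fw_custom_before_port_handling() {
    for src in $BLOCKED_SOURCES; do
        case "$src" in
            *[!0-9./]*)
                # Reject anything that is not digits, dots and a slash
                echo "SuSEfirewall2-custom: skipping malformed entry '$src'" >&2
                continue
                ;;
            *.*.*.*/*)
                # Insert at the top of INPUT so the drop is evaluated
                # before any accept rules the firewall script adds
                iptables -I INPUT -s "$src" -j DROP
                ;;
            *)
                echo "SuSEfirewall2-custom: skipping entry without prefix '$src'" >&2
                ;;
        esac
    done
    # The hook should always return success
    true
}
```

Because SuSEfirewall2 rebuilds its chains each time it starts, rules placed in the hook survive a firewall restart, unlike a rule typed at the command line.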


