
Re: [opensuse-security] iptables SuSEfirewall2



Ludwig Nussel wrote:
> Philippe Vogel wrote:
>> To restart it has shown to do so:
>>
>> /etc/init.d/SuSEfirewall2 stop && /etc/init.d/SuSEfirewall2 start
>
> That opens your machine to the world for a moment as stopping the
> firewall removes all filter rules and sets the policy to accept.
Only for a small amount of time and with a secure system it is not a
problem.

Mention:
A secure system only opens a limited number of ports - a system not
opening ports doesn't need a firewall and is as secure as the user of
this system.
Not using a virus scanner is not a risk if you know what you are doing
and you use a "non victimizable" OS (don't answer to this, as this is a
kind of philosophy for some people)!

>> instead of:
>>
>> /etc/init.d/SuSEfirewall2 restart
>>
>> A simple restart sometimes doesn't work from my experience (some
>> chains still remain)!
>
> Huh? Please open a bug report if that's reproducible.
>
> cu
> Ludwig
This is reproducible, but SuSEfirewall2 does not show this behaviour
in all cases.

The next thing in mind is that all DMZ-chains get initialized without
having a DMZ, so I customized the script a bit without the DMZ-chains
(without unnecessary chains - and there are a lot even remaining - the
script runs faster). Another thing would be customizable QoS-chains,
which I always edit for some services not listed there.

Regards

Philippe

--
This message is digitally signed and bears neither seal nor
signature!

The unsolicited sending of an advertising e-mail to private individuals
violates §1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998,
Az: 16 O 201/98). Any commercial use of the transmitted personal data,
as well as passing it on to third parties, is expressly prohibited!
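
Added example, not part of the original message and not SuSEfirewall2 code: a check over iptables-save text for the state the quoted reply describes (no filter rules, policy ACCEPT), plus a listing of user-defined chains so snapshots taken before and after a restart can be compared. The two snapshots and the chain names fw_input and fw_reject are constructed for illustration.

```shell
# Inspect iptables-save text for the "stopped firewall" state.
# Both snapshots below are constructed samples, not captured from a real host.

# Constructed: firewall running (default-deny INPUT, user-defined chains present).
SNAP_RUNNING='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fw_input - [0:0]
:fw_reject - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j fw_input
-A fw_input -p tcp --dport 22 -j ACCEPT
-A fw_input -j fw_reject
-A fw_reject -j REJECT
COMMIT'

# Constructed: after "stop" (all filter rules removed, policy ACCEPT).
SNAP_STOPPED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Exit 0 if the filter table on stdin has INPUT policy ACCEPT and no INPUT rules.
filter_is_open() {
    awk '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $1 == ":INPUT" { policy = $2 }
        in_filter && $1 == "-A" && $2 == "INPUT" { rules++ }
        END { exit !(policy == "ACCEPT" && rules == 0) }
    '
}

# Print user-defined chains (policy "-") of the filter table, one per line.
user_chains() {
    awk '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && /^:/ && $2 == "-" { print substr($1, 2) }
    '
}

# Demo over the constructed snapshots.
for name in RUNNING STOPPED; do
    eval "snap=\$SNAP_$name"
    if printf '%s\n' "$snap" | filter_is_open; then state=OPEN; else state=filtered; fi
    echo "$name: INPUT is $state; user chains: $(printf '%s\n' "$snap" | user_chains | tr '\n' ' ')"
done
```

On a live host the same functions can read the output of `iptables-save` (run as root) instead of the embedded samples.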
