[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Firewall2 with 8.1



> > >There has been an update to the SuSEfirewall2 rpm. Please install.
> > >It helped in my case.
> >
> > it is installed...
>
> Do it again, please. To be precise, there were two updates.

Where were the errors?

I would add some line for internal LAN to block smb-access from
external!
The old version seemed to give access to samba, even, if it was set to
connect to a trusted net (139 was blocked, but the other ports are open
to external because of no chain set.)
It is abter the Lines (don't know, because my version is a littlebit
modified to my desires, blocking features ...):

/sbin/SuSEfirewall2

#########################
# Special SAMBA support #
#########################

test "$FW_SERVICE_SAMBA" = yes && {
$LAA $IPTABLES -A INPUT -j LOG ${LOG}" fp=NI a=ACCEPT " -i eth0 -p
udp --dport 137:138 -s $LOCALNET_1 # Samba for local Net only
$IPTABLES -A INPUT -j "$ACCEPT"  -m state --state
NEW,ESTABLISHED,RELATED -i eth0 -p udp --dport 137:138 -s $LOCALNET_1
}

/etc/sysconfig/SuSEfirewall2

# put it some where e.g. in 12) 12)

#
# local Samba-Net
#

LOCALNET_1="" # put your ip or ip-range here e.g. 192.168.0.0/24 for
192.168.0.1 - 192.168.0.254

Philippe



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here