[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE Firewall and CUPS (UDP rules)?



No, my question is *much* simpler, sorry :)

The 4 steps of configuring the firewall with Yast:
Step 1: select interface. I have no trusted net, no "internal" interface. So eth0 is the only one, and it's set to external.
Step 2: Services. Additional services is set to: 631.

This is what's causing my confusion. It drops UDP packets destined for port 631. And in fact, in that dialog box it says "TCP services".

What am I missing in the Yast firewall setup tool? :P I've normally set iptables rules by hand, but decided to try the Yast setup, and... I feel I'm missing a lot of things :)

So my question amounts to: can the Yast tools do it? it's a very simple rule, seriously! Or do I need to insert it by hand? In which case I might as well trash all the rules Yast set up in there and put in my own standard set.

  - Vfrc -


barrulus wrote:

------------------------------------------------------------------------

On Friday 17 September 2004 09:05, Maxim A Belushkin wrote:

  a print server on the network is bcasting queue names to UDP port
631. SuSE firewall seems to only have exceptions for TCP ports, and not
UDP. Any "clean" workaround for this avoiding digging into the iptables
rules  the firewall creates?


???

You can set up trusted nets with UDP, allow interfaces to listen with UDP, forward UDP traffic and masquerade UDP traffic?

When you say "exceptions" what do you mean?
Do you want the local CUPS server to be listening on that port to pick up the broadcasts, or do you want the broadcasts to be forwarded into your LAN from your DMZ?

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here