
Re: [suse-security] SuSE Firewall and CUPS (UDP rules)?



(from my subscribed address this time)

On Friday 17 September 2004 09:19, Maxim A Belushkin wrote:
> No, my question is *much* simpler, sorry :)
>
> The 4 steps of configuring the firewall with Yast:
> Step 1: select interface. I have no trusted net, no "internal"
> interface. So eth0 is the only one, and it's set to external.
> Step 2: Services. Additional services is set to: 631.
>
>    This is what's causing my confusion. It drops UDP packets destined
> for port 631. And in fact, in that dialog box it says "TCP services".
>
>    What am I missing in the Yast firewall setup tool? :P I've normally
> set iptables rules by hand, but decided to try the Yast setup, and... I
> feel I'm missing a lot of things :)
>
>    So my question amounts to: can the Yast tools do it? it's a very
> simple rule, seriously! Or do I need to insert it by hand? In which case
> I might as well trash all the rules Yast set up in there and put in my
> own standard set.

No, the YaST interface is too simple for that.
I usually click through yast to make sure that the Firewall is started, then I 
edit /etc/sysconfig/SuSEfirewall2 by hand.

It is a very well structured file and certainly loads better than playing with 
IPTables directly.

All the rules you originally create in YaST will still be there and YaST will 
not autotrash anything you change.

Remember to rcSuSEfirewall2 restart when you are done.

Barry


> barrulus wrote:
> > ------------------------------------------------------------------------
> >
> > On Friday 17 September 2004 09:05, Maxim A Belushkin wrote:
> >>   a print server on the network is bcasting queue names to UDP port
> >>631. SuSE firewall seems to only have exceptions for TCP ports, and not
> >>UDP. Any "clean" workaround for this avoiding digging into the iptables
> >>rules  the firewall creates?
> >
> > ???
> >
> > You can set up trusted nets with UDP, allow interfaces to listen with
> > UDP, forward UDP traffic and masquerade UDP traffic?
> >
> > When you say "exceptions" what do you mean?
> > Do you want the local CUPS server to be listening on that port to pick up
> > the broadcasts, or do you want the broadcasts to be forwarded into your
> > LAN from your DMZ?
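
The hand edit suggested in the reply above, as an added example that is not part of the original thread: a small shell helper that appends a UDP port to `FW_SERVICES_EXT_UDP` (the UDP counterpart of `FW_SERVICES_EXT_TCP` in the SuSEfirewall2 sysconfig file) without touching any other setting. The function names and the sample file are constructed for illustration; whether broadcast packets need a further setting depends on the SuSEfirewall2 version and is not covered here.

```shell
#!/bin/sh
# Added example: open a UDP port in a SuSEfirewall2-style sysconfig file.
# FW_SERVICES_EXT_UDP is the space-separated list of UDP ports/services
# accepted on external interfaces; FW_SERVICES_EXT_TCP is its TCP twin.

# udp_ports FILE -> prints the current FW_SERVICES_EXT_UDP value
udp_ports() {
    sed -n 's/^FW_SERVICES_EXT_UDP="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# open_udp_port FILE PORT -> adds PORT once; every other line is left alone
open_udp_port() {
    file=$1 port=$2
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    grep -q '^FW_SERVICES_EXT_UDP=' "$file" || { echo "variable missing" >&2; return 1; }
    current=$(udp_ports "$file")
    for p in $current; do
        if [ "$p" = "$port" ]; then return 0; fi   # already open: nothing to do
    done
    new=$(echo "$current $port" | sed 's/^ *//')
    cp -p "$file" "$file.bak" &&                   # keep a backup of the original
    sed "s/^FW_SERVICES_EXT_UDP=.*/FW_SERVICES_EXT_UDP=\"$new\"/" "$file.bak" > "$file"
}

# make_sample FILE -> constructed sample, NOT a real /etc/sysconfig/SuSEfirewall2
make_sample() {
    cat > "$1" <<'EOF'
FW_DEV_EXT="eth0"
FW_SERVICES_EXT_TCP="631"
FW_SERVICES_EXT_UDP=""
EOF
}

# Demo on a throwaway copy: prints the resulting UDP list
tmp=$(mktemp) && make_sample "$tmp" && open_udp_port "$tmp" 631 && udp_ports "$tmp"
rm -f "$tmp" "$tmp.bak"
```

On a real system the target would be /etc/sysconfig/SuSEfirewall2, edited as root and followed by the `rcSuSEfirewall2 restart` mentioned in the reply.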
