|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int
From: semat (semat
wawa.eahd.or.ug)Date: Tue Oct 03 2000 - 06:05:53 CDT
- Next message: DIEGO GARCIA _ DIRECCION DE SISTEMAS-.: "Re: [suse-security] scanner"
- Previous message: W.Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- In reply to: W.Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Next in thread: Wolfram Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Reply: semat: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Reply: Wolfram Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Okay I don't think this is how marc would do it but I would put that line
at line 729 of /sbin/SuSEfirewall i.e
}
done
# Here is your rule:
$IPCHAINS -A forward -s etc etc -d etc ....
test "$FW_ROUTE" = yes && for i in $DEV_INT_NET $FW_MASQ_NETS; do
for j in $FW_DEV_WORLD; do
$IPCHAINS -A input -j "$DENY" -i $j -d $i $LDC
done
done
On Tue, 3 Oct 2000, W.Schlich wrote:
> first: thanks for your help.
> > > --snip--
> > > ipchains -D forward 2
> > > ipchains -A forward -s 192.168.0.0/23 -d 192.168.0.0/23 -j
> ACCEPT
> > > --snip--
> > The rule you've used above is quite okay now in order not to
> always have
> > to put it in manually you can add it to /sbin/SuSEfirewall before
> the rule
> > that tells it to deny everything by default.
> hmm...
> I don't _really_ understand /sbin/SuSEfirewall
> any hints which line to go to? :)
>
> > Although from what I see above those two cards seem to be on the
> same
> > network.
> err...
> eth0: 192.168.0.0/24 (192.168.0.0/255.255.255.0)
> eth1: 192.168.1.0/24 (192.168.1.0/255.255.255.0)
> -> 192.168.0.0/23 (192.168.0.0/255.255.254.0)
>
> btw: am I the first one who needs forwarding / routing etc. between
> internal interfaces?!
>
> Mit freundlichen Grüssen
>
> | Wolfram Schlich
> ------------------------------------------------------------------
> | E-Mail: wolframschlich.org * ICQ #: 35713642
> | Postal: Berghof * 56626 Andernach * Germany
> | Tel.: +49-(0)2636-941194
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribesuse.com
> For additional commands, e-mail: suse-security-helpsuse.com
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com
- Next message: DIEGO GARCIA _ DIRECCION DE SISTEMAS-.: "Re: [suse-security] scanner"
- Previous message: W.Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- In reply to: W.Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Next in thread: Wolfram Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Reply: semat: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Reply: Wolfram Schlich: "Re: [suse-security] firewals-2.1-5 (from 6.4), 1x dev-world, 2x dev-int"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]