Re: [suse-security] Configuring SuSEfirewall2 on SuSE 9.0 as a personal firewall
From: Armin Schoech (armin.schoech web.de)
Date: Thu Mar 11 2004 - 09:34:55 CST
Hi Marc,
> and deny access to all services except ssh for the rest of the world.
>
--> Make sure to use /etc/hosts.allow and hosts.deny as a second layer of
security after the firewall.
> In http://seismo.ethz.ch/linux/firewall.html I found the following entry
> which seems to be ok for me
>
> FW_TRUSTED_NETS="123.123.xxx.yyy 195.195.yyy.zzz" # Adjust
> FW_SERVICES_TRUSTED_TCP="1:65535" # Should be adjusted to needed
> services per machine, not globally everything.
>
> FW_SERVICES_TRUSTED_UDP="1:65535" # see above
>
--> Have a look at 10) in /etc/sysconfig/SuSEfirewall2. You can
fine-tune the services in the FW_TRUSTED_NETS variable. Example:
FW_TRUSTED_NETS="123.123.0.0/16,tcp,ssh 195.195.yyy.zzz,tcp,80"
> in connection with
>
> FW_QUICKMODE="no"
> FW_DEV_EXT="eth0"
> FW_DEV_INT="" # Do I have to set eth0 here as well???
>
--> No.
> to enable (more or less) fine-grained access control to a computer on
> IP-address-basis (or better IP and MAC)?
>
--> I think for MAC control you have to write your own rules. See 25)
and /etc/sysconfig/scripts/SuSEfirewall2-custom
HTH,
Armin
--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech
iap-kborn.de Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
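
Added example, not part of the message above and not SuSEfirewall2's own code: a shell check that classifies each FW_TRUSTED_NETS entry as narrow or broad, run against the quoted settings and the fine-tuned ones from the reply. The function names and verdict labels are hypothetical; it assumes the entry format net[,protocol[,port]] seen in the reply's example, and that a bare net falls back to FW_SERVICES_TRUSTED_TCP/UDP as in the quoted configuration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed entry format, as in the
# reply's example: net[,protocol[,port]], entries separated by spaces.

# classify_entry ENTRY TCP_LIST UDP_LIST -> prints "VERDICT net detail"
classify_entry() {
    entry=$1; tcp_list=$2; udp_list=$3
    net=${entry%%,*}
    proto=; port=
    case $entry in
        *,*,*) rest=${entry#*,}; proto=${rest%%,*}; port=${rest#*,} ;;
        *,*)   proto=${entry#*,} ;;
    esac
    if [ -z "$proto" ]; then
        # Assumption: a bare net falls back to FW_SERVICES_TRUSTED_TCP/UDP.
        if [ "$tcp_list" = "1:65535" ] || [ "$udp_list" = "1:65535" ]; then
            echo "BROAD $net all-ports-via-FW_SERVICES_TRUSTED"
        else
            echo "SHARED $net tcp=[$tcp_list] udp=[$udp_list]"
        fi
    elif [ -z "$port" ] && [ "$proto" != "icmp" ]; then
        # Assumption: a protocol with no port is treated as unrestricted.
        echo "BROAD $net every-$proto-port"
    else
        echo "NARROW $net $proto${port:+/$port}"
    fi
}

# audit_trusted_nets NETS TCP_LIST UDP_LIST -> one verdict line per entry;
# returns 1 if any entry is BROAD, so it can gate a deployment script.
audit_trusted_nets() {
    status=0
    for e in $1; do
        line=$(classify_entry "$e" "$2" "$3")
        echo "$line"
        case $line in BROAD*) status=1 ;; esac
    done
    return $status
}

# Constructed sample values mirroring the two configurations in the thread.
QUOTED_NETS="123.123.xxx.yyy 195.195.yyy.zzz"
TUNED_NETS="123.123.0.0/16,tcp,ssh 195.195.yyy.zzz,tcp,80"

audit_trusted_nets "$QUOTED_NETS" "1:65535" "1:65535" || echo "=> tighten the entries above"
audit_trusted_nets "$TUNED_NETS" "" ""
```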