Re: [suse-security] Configuring SuSEfirewall2 on SuSE 9.0 as a personal firewall
From: Armin Schoech (armin.schoechweb.de)
Date: Thu Mar 11 2004 - 09:34:55 CST
> and deny access to all services except ssh for the rest of the world.
--> Make sure to use /etc/hosts.allow and hosts.deny as a second layer of
security after the firewall.
> In http://seismo.ethz.ch/linux/firewall.html I found the following entry
> which seems to be ok for me
> FW_TRUSTED_NETS="123.123.xxx.yyy 195.195.yyy.zzz" # Adjust
> FW_SERVICES_TRUSTED_TCP="1:65535" # Should be adjusted to needed
> services per machine, not globally everything.
> FW_SERVICES_TRUSTED_UDP="1:65535" # see above
--> Have a look at 10) in /etc/sysconfig/SuSEfirewall2. You can
fine-tune the services in the FW_TRUSTED_NETS variable. Example:
> in connection with
> FW_DEV_INT="" # Do I have to set eth0 here as well???
> to enable (more or less) fine-grained access control to a computer on
> IP-address-basis (or better IP and MAC)?
--> I think for MAC control you have to write your own rules. See 25)
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoechiap-kborn.de Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
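
Added example (not part of the original post and not SuSEfirewall2's own code): a small shell check for the over-broad settings discussed in this message, namely wide FW_SERVICES_TRUSTED_* ranges and FW_TRUSTED_NETS entries that carry no protocol or port of their own. The sample config is constructed, and the network,protocol,port entry form is an assumption taken from the comments in /etc/sysconfig/SuSEfirewall2.

```shell
#!/bin/sh
# Added example: flag over-broad trust in a SuSEfirewall2 sysconfig file.

# Constructed sample (documentation addresses), modelled on the quoted settings.
# The last FW_TRUSTED_NETS entry uses the network,protocol,port form
# (assumption: as described in the comments of /etc/sysconfig/SuSEfirewall2).
write_sample() {
    cat > "$1" <<'EOF'
FW_TRUSTED_NETS="192.0.2.10 198.51.100.0/24 203.0.113.5,tcp,22"
FW_SERVICES_TRUSTED_TCP="1:65535"
FW_SERVICES_TRUSTED_UDP="53 1024:1030"
EOF
}

# Prints one finding per line. The function body is a subshell, so the
# variables sourced from the config file do not leak into the caller.
audit_fw_config() (
    . "$1" || exit 2
    for proto in TCP UDP; do
        eval "ports=\$FW_SERVICES_TRUSTED_$proto"
        for p in $ports; do
            case $p in
                *[!0-9:]*) continue ;;   # service name, not a numeric range
                *:*) lo=${p%%:*}; hi=${p##*:}
                     # 100 ports is an arbitrary threshold for this example
                     if [ $((hi - lo)) -gt 100 ]; then
                         echo "WIDE_RANGE FW_SERVICES_TRUSTED_$proto=$p"
                     fi ;;
            esac
        done
    done
    for net in $FW_TRUSTED_NETS; do
        case $net in
            *,*) ;;                      # protocol/port given for this entry
            *) echo "UNSCOPED_NET $net (relies on FW_SERVICES_TRUSTED_*)" ;;
        esac
    done
    exit 0
)

# Demo run on the constructed sample.
tmp=${TMPDIR:-/tmp}/fw2-sample.$$
write_sample "$tmp" && audit_fw_config "$tmp"; rm -f "$tmp"
```

Point audit_fw_config at a copy of the real /etc/sysconfig/SuSEfirewall2 to review it; the file is sourced as shell, so only run it on a config you trust.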