[tlug] Re: SuSE CD problem (was SuSE 8.0 copies at TLUG meeting)

[Mike Fabian <mfabian@example.com>]

Jonathan Q <jq@example.com> writes:

> I've dabbled a bit in SuSE 8 now, and while it's pretty good, my 
> first impressions are:

[...]

> 3) Two many scripts for firewalling and the graphical firewall config
>    tool is not nearly fine-grained enough (being able to specify port
>    22 open is too coarse; the user should be able to specify from which
>    addresses port 22 connections will be accepted).  Mandrake is also guilty
>    of this sin, and it's one of the reasons I dumped Mandrake.
>    Red Hat's approach to this is best; they use lokkit to 
>    generate /etc/sysconfig/ipchains, and that is an ASCII file containing
>    rules for ipchains.  Lokkit doesn't give a fine-grained approach
>    either, but you can whip out your favorite editor and modify that
>    file directly.

On SuSE you have fine grained control by editing
/etc/sysconfg/SuSEfirewall2 manually.  Specifying from which addresses
port 22 connections will be accepted is possible by setting:

    FW_TRUSTED_NETS="a.b.c.d/mask,tcp,22"

This file appears to have a lot of helpful comments, it looks like
many other detailed settings are possible.

-- 
Mike Fabian   <mfabian@example.com>   http://www.suse.de/~mfabian
睡眠不足はいい仕事の敵だ。