[plug] firewall on SuSE SLES9

Simon Marko s.marko at bigpond.com
Tue May 9 14:28:45 WST 2006


Denis Brown wrote:

> Dear PLUG list members,
>
> Had a slight "oops" in regards to a SuSE SLES9-based server. Did an
> upgrade and one of the patches applied was for firewall. Testing
> revealed that after the patching my nice shiny ruleset was toast -
> server pretty much open to the World. Ouch.
>
> No worries I thought... just iptables-restore < previous-saved-ruleset
>
> But the firewall upgrade must have been more extensive, or it cannot
> read the previous format, because now the ruleset is blank (when I do
> iptables -L).
>
> Is there somewhere a fresh ruleset that I can just iptables-restore 
> from and then start cutting my rules again?
>
> Supplementary question... what are people using to manage firewalls -
> pref. ncurses-based because I remotely admin this one and do not want
> to run a gui on it if at all possible. Would be open to running
> Apache though so I suppose this opens the way for webmin and allies?
>
> TIA,
> Denis
>
>
Hi Denis: YaST has a firewall configuration tool under "Security And
Users" > "Firewall".
Start by choosing your internal and external interfaces, then configure
the services that should be available on your server.
The basic list can be extended with custom TCP ports by using the
"Expert" mode.
After this stage there are some other options, like configuring
masquerading etc.

There wasn't much in the way of VoIP or UDP rule options, but these
could be hacked in later if you know what you're doing.

YaST will work in ncurses mode if the DISPLAY environment variable isn't
set; just make sure you're using a font which displays ncurses-type
interfaces nicely or it could get messy.

Best Of Luck
::SimonM::
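
A post-patch check for the failure described in this thread, as an added example that is not part of either post: the shell function below reads `iptables-save` output on stdin and flags a filter table left at policy ACCEPT with no rules. The function names and both sample dumps are constructed; `sample_baseline` is a minimal default-deny starting point that assumes SSH on TCP port 22 is the remote-admin path.

```shell
# Added example: audit an iptables-save dump (read from stdin, taken without -c).
# Exit status: 0 = not in the flushed state, 1 = chain wide open, 2 = dump unusable.
audit_ruleset() {
    awk '
        /^\*/     { table = substr($1, 2); seen[table] = 1; next }
        /^COMMIT/ { committed[table] = 1; next }
        table == "filter" && /^:/       { policy[substr($1, 2)] = $2; next }
        table == "filter" && $1 == "-A" { rules[$2]++ }
        END {
            if (!seen["filter"])      { print "FAIL: no *filter table in dump"; exit 2 }
            if (!committed["filter"]) { print "FAIL: *filter has no COMMIT line"; exit 2 }
            status = 0
            n = split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= n; i++) {
                c = chains[i]
                if (policy[c] == "ACCEPT" && rules[c] + 0 == 0) {
                    print "OPEN: " c " has policy ACCEPT and no rules"
                    status = 1
                } else {
                    print "ok: " c " policy=" policy[c] " rules=" (rules[c] + 0)
                }
            }
            exit status
        }'
}
# Constructed sample: what iptables-save prints for a flushed, default-ACCEPT filter table.
sample_flushed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}
# Constructed sample: default-deny baseline (assumption: SSH on 22 is the admin path).
sample_baseline() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}
```

On a live host, run `iptables-save | audit_ruleset` as root after patching. The check only catches the flushed state; a chain with policy ACCEPT and some rules still needs a manual review.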
