Re: [SLE] Firewall zones

Mon, 25 Sep 2006, by abrahams@xxxxxxx:

I want to configure the SuSE firewall so that communication within my LAN is
uninhibited but communication outside the LAN is fully protected. Looking
at the firewall configuration in Yast, I see that the external zone is
protected but the internal zone is not. However, I don't see how to specify
that the internal zone consists of hosts with addresses 192.168.0.x. This
would seem to be a pretty common requirement.

Please be more specific about your setup. Do you have a network-card
with an alias IP address or something?

It appears that the firewall configurator can specify that an interface is
external or internal, but I have only one interface (network card). It
connects to the LAN and to the router; the router in turn talks to the world.
It's a very common setup.

Perhaps, but that doesn't make it the best setup.
Having your LAN systems on the same segment and IP range as the
"firewall" means that there's nothing between the Internet and the
'other' systems, except the router's rules for port-forwarding etc.

If you want to have a better protection I'd look for a "real" router, that
can be configured for multiple LAN IP ranges, or setup the Linux
machine as such.
Theo v. Werkhoven Registered Linux user# 99872
ICBM 52 13 26N , 4 29 47E. + ICQ: 277217131
SUSE 9.2 + Jabber: muadib@xxxxxxxxxxxxxxxx
Kernel 2.6.8 + See headers for PGP/GPG info.
Claimer: any email I receive will become my property. Disclaimers do not apply.

Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at
Please read the FAQs: suse-linux-e-faq@xxxxxxxx