Results 1 to 3 of 3

Thread: Firewall advice.

  1. #1

    Default Firewall advice.

    I'm a bit confused with the Yast firewall internal and external zones.

    I've been playing with the settings and want to know if what I've done is the correct approach.

    When I built SUSE 11 the firewall interfaces showed my network card was set the the external zone and also was "any".

    If my SUSE box is only to be used for my "internal" network and a bit of web surfing i.e. its not hosting anything to the Internet (which I guess is the external zone) then shouldn't I reconfigure my network card and "any" to the internal zone? This is what I've done and it seems to work fine.

    Is this secure? Why was it set the external zone when I installed SUSE? Surly most installs would require the internal zone to be the default?

  2. #2

    Default Re: Firewall advice.

    I found this article:

    General Firewall Question - openSUSE Forums

    ...which seems to explain it - but I'm, still slightly confused.

    You can only set a network interface for one zone - i.e. network card to internal zone.
    As "most" users wouldn't be hosting Internet facing stuff why is the default to have the network card set to the external zone?

    Also what does the "any" custom string do? Is this a catch all for and NW traffic that originates outside the NW card zone assgnment?

  3. #3
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    11,731
    Blog Entries
    2

    Default Re: Firewall advice.

    External zone means interfaces that point to untrusted networks (like the internet). If you're surfing the internet, feeding it in through eth0, it's facing an untrusted zone.
    Leap 42.3 & 15.1 &KDE
    FYIs from the days of yore

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •