Results 1 to 8 of 8

Thread: How does SuSEfirewall knows which port belongs to service.

  1. #1

    Default How does SuSEfirewall knows which port belongs to service.

    Hi everyone,
    I was pocking around susefirewall and being used to RHEL/iptables way of doing things i got little bit confused. From documentation i understood that in /etc/sysconfig/SuSEfirewall2 config file we can define rules, forward/open ports etc. And (in the case of ports) the way we could do it was by specifying port number or service name, like FW_CONFIGURATIONS_EXT="sshd" and firewall would open port 22 for me. I can't find anywhere, though, reference of where SuSefirewall2 gets knowledge about which port belongs to service "sshd"?
    Initially i thought that all service names with all corresponding information (ports etc) where defined in /etc/sysconfig/SuSEfirewall2.d/services/{"service-name"} directory. But when i took a look at content of sshd all it sad was: TCP="sshd"- no port number... So please tell me where SuSefirewall2 gets knowledge aout which port belongs to services...

    And i have another question not related to "networking", but if i may, instead of creating new thread i ask it here. Superuser privileges - when i installed openSUSE (13.1 very intuitive and easy install procedure btw) i was asked if (first/non-root) user should get administrative rights. I checked that and autologin buttons. After installation was complete, system rebooted and logged me in as was expected without greeting me first with login screen. And i could do "sudo su -" using my user passwd to become superuser. But then another confusion moment.... i expected my user to be in group "wheel", but i was not. So question - where does openSUSE defines its superuser users?

    PS please do not direct me to yast, i have found out that i can do almost anything system related with this tool. What i'm really interested in is cli way of doing things.
    thnx a bunch

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,324
    Blog Entries
    15

    Default Re: How does SuSEfirewall knows which port belongs to service.

    On Mon 06 Jan 2014 03:56:02 PM CST, nmaziashvili wrote:
    <snip>

    PS please do not direct me to yast, i have found out that i can do
    almost anything system related with this tool. What i'm really
    interested in is cli way of doing things.
    thnx a bunch


    Hi
    The services are defined in the /etc/services file.

    You can run the visudo command to edit the sudoers file.

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.6-4-desktop
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


  3. #3
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,742

    Default Re: How does SuSEfirewall knows which port belongs to service.

    Nothwithstanding the fact that you got an answer to your second, very hidden, question , you should understand that it is not very productive from your point of view. That is, if you want your question seen by as many members as may possibly know the anwser. When there is no seperate thread with a good title, no one that glances through the titles of new threads, will detect your subject.
    Henk van Velden

  4. #4
    Join Date
    Nov 2009
    Location
    ND, USA
    Posts
    1,131

    Default Re: How does SuSEfirewall knows which port belongs to service.

    On 1/6/2014 9:56 AM, nmaziashvili wrote:
    >
    > Hi everyone,
    > I was pocking around susefirewall and being used to RHEL/iptables way of
    > doing things i got little bit confused. From documentation i understood
    > that in /etc/sysconfig/SuSEfirewall2 config file we can define rules,
    > forward/open ports etc. And (in the case of ports) the way we could do
    > it was by specifying port number or service name, like
    > FW_CONFIGURATIONS_EXT="sshd" and firewall would open port 22 for me. I
    > can't find anywhere, though, reference of where SuSefirewall2 gets
    > knowledge about which port belongs to service "sshd"?
    > Initially i thought that all service names with all corresponding
    > information (ports etc) where defined in
    > /etc/sysconfig/SuSEfirewall2.d/services/{"service-name"} directory. But
    > when i took a look at content of sshd all it sad was: TCP="sshd"- no
    > port number... So please tell me where SuSefirewall2 gets knowledge aout
    > which port belongs to services...
    >
    > And i have another question not related to "networking", but if i may,
    > instead of creating new thread i ask it here. Superuser privileges -
    > when i installed openSUSE (13.1 very intuitive and easy install
    > procedure btw) i was asked if (first/non-root) user should get
    > administrative rights. I checked that and autologin buttons. After
    > installation was complete, system rebooted and logged me in as was
    > expected without greeting me first with login screen. And i could do
    > "sudo su -" using my user passwd to become superuser. But then another
    > confusion moment.... i expected my user to be in group "wheel", but i
    > was not. So question - where does openSUSE defines its superuser users?
    >
    > PS please do not direct me to yast, i have found out that i can do
    > almost anything system related with this tool. What i'm really
    > interested in is cli way of doing things.
    > thnx a bunch
    >
    >

    nmaziashvili;

    Port numbers are defined in /etc/services. There is no reason to avoid YaST in the CLI. YaST runs just fine in ncurses
    (aka text) mode. As root, just enter yast or YaST on the command line. Navigate with the <tab> and <arrow> keys. e.g.
    Code:
    su -
    YaST
    --
    P.V.
    "We're all in this together, I'm pulling for you" Red Green

  5. #5

    Default Re: How does SuSEfirewall knows which port belongs to service.

    Quote Originally Posted by malcolmlewis View Post
    Hi
    The services are defined in the /etc/services file.
    thnx i don' know how could've i missed that, right after i posted i asked myself "could openSUSE too have services file?".... and there it was <facepalm>.... thank you nevertheless

    You can run the visudo command to edit the sudoers file.
    Well... i can edit it, and put myself into wheel group, but right from installation i am not in wheel. So i still don't understand where first user gets his superuser rights...

  6. #6

    Default Re: How does SuSEfirewall knows which port belongs to service.

    Quote Originally Posted by hcvv View Post
    When there is no seperate thread with a good title, no one that glances through the titles of new threads, will detect your subject.
    very true... was lazy on my part.... maybe i should start new thread... you know what, i will just do it.
    thnx all.

  7. #7
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    29,742

    Default Re: How does SuSEfirewall knows which port belongs to service.

    Quote Originally Posted by nmaziashvili View Post
    thnx i don' know how could've i missed that, right after i posted i asked myself "could openSUSE too have services file?".... and there it was <facepalm>.... thank you nevertheless
    openSUSE is not different in this from all other Unix/Linux systems.

    Quote Originally Posted by nmaziashvili View Post
    Well... i can edit it, and put myself into wheel group, but right from installation i am not in wheel. So i still don't understand where first user gets his superuser rights...
    openSUSE does not realy use the wheel group. It is in /etc/group, but I do not realy know why.

    The default sudoers config in openSUSE tries to be friendly to the former users of some other distributions. And thus tt is a bit silly confoguration which has not much use then doing just that: making it easy for people to use:
    Code:
    sudo allmost-everything
    and it will then ask for root's password. This being the same as when you would use
    Code:
    su - almost-everything
    and works allways the same. Without the need of using sudo, where you allways have to be carefull about it's configuration.
    Henk van Velden

  8. #8

    Default Re: How does SuSEfirewall knows which port belongs to service.

    Quote Originally Posted by hcvv View Post
    openSUSE is not different in this from all other Unix/Linux systems.
    Yeah.. was kind of silly of me to flip out like that - "uuh it's all different, what kind of linux is this? tastes weird..." I guess different approach/way of doing to things got me confused... shame on me.

    openSUSE does not realy use the wheel group. It is in /etc/group, but I do not realy know why.
    The default sudoers config in openSUSE tries to be friendly to the former users of some other distributions. And thus tt is a bit silly confoguration which has not much use then doing just that: making it easy for people to use:
    Code:
    sudo allmost-everything
    and it will then ask for root's password. This being the same as when you would use
    Code:
    su - almost-everything
    and works allways the same. Without the need of using sudo, where you allways have to be carefull about it's configuration.
    I got this now, during install yast asks me if i want to be admin, if "yes" yast sets first non-root user password to be "root" password as well, so i would be able to do sudo (su) with my own password, thus making group "wheel" in this situation irrelevant.
    It is quit simple actually... when you know what's what

    thanks Henk

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •