Allow 113 with options on 12.1


I was wondering if there is a way to create a custom rule with SuSE Firewall in Yast. I'd normally do something like:

iptables -A INPUT ! -i lo --dport 113 -m limit --limit 1/second -j ACCEPT

But I can't seem to find any documentation about how to create a custom rule in Yast firewall to do this type of thing. I looked and looked for documentation on how to do this and I couldn't seem to find it. Does anyone know? Thanks!


As far as I know, unlike some other distros, Suse does not simply put the rules in something like /etc/sysconfig/iptables where you can directly edit them.

I believe the official way is to edit /etc/sysconfig/SuSEfirewall2 and change the FW_CUSTOMRULES line, then add them to /etc/sysconfig/SuSEfirewall2-custom.

See this post for an example:

(However, you may need to adjust your syntax of this rule for it to be accepted.)

Alternatively, you can use iptables-save > myrules.txt which you could edit, and then reload with iptables-restore < myrules.txt, but getting this to happen correctly at boot may be difficult as they may be lost if SuSEfirewall2 runs later.
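
The custom-rules approach from the reply above, sketched as an added example (not code from either poster or from SuSEfirewall2 itself). It assumes the hook name fw_custom_before_port_handling from the stock custom-rules template and goes in whatever file FW_CUSTOMRULES points to. IPT_CMD and ident_rule_loaded are hypothetical names, and -p tcp is added because iptables only accepts --dport after a protocol match.

```shell
# Added example: body for the file named by FW_CUSTOMRULES in
# /etc/sysconfig/SuSEfirewall2.

# Hypothetical override so the hook can be dry-run (IPT_CMD=echo)
# without touching the live ruleset.
IPT_CMD="${IPT_CMD:-iptables}"

# Hook name assumed from the stock template; SuSEfirewall2 calls it
# before it installs its own per-port rules.
fw_custom_before_port_handling() {
    # Accept ident (113/tcp) on every interface except loopback, at
    # most one packet per second. Packets over the limit do not match
    # and fall through to the rules the firewall adds afterwards.
    "$IPT_CMD" -A INPUT ! -i lo -p tcp --dport 113 \
        -m limit --limit 1/second -j ACCEPT
}

# Hypothetical helper: succeeds only if an ACCEPT rule for port 113 is
# present in the loaded INPUT chain. Useful after a reboot or firewall
# restart to confirm the custom rule was not lost.
ident_rule_loaded() {
    "$IPT_CMD" -S INPUT | grep -q -e '--dport 113 .*-j ACCEPT'
}
```

After the firewall has been reloaded, calling ident_rule_loaded as root shows whether the rule is still in place.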