Custom SuSEfirewall services

tpe · May 13, 2018, 7:34am

Hello,
I would like to configure a custom service in SuSEfirewall because I don’t want to open ports. According to the documentation inside the configuration file, I just need to create a file in the /usr/share/SuSEfirewall2/services directory.
But, this directory doesn’t exists.
And, I haven’t found any relevant documentation in the /usr/share/doc about it.

Any help would be appreciated.

swerdna · May 13, 2018, 8:44am

Have a look in /etc/sysconfig/SuSEfirewall2.d/services

The fields in there define some options for services. You might be able to make one based on looking at the templates already there.

swerdna · May 13, 2018, 9:11am

If you want to see all the options you can have a deeper look into the options in the configuration file located at /etc/sysconfig/SuSEfirewall2. If you don’t want to break SuSEfirewall2 while looking into it you can make and study a copy onto your Desktop with this command, written as yourself (not as root):

cat /etc/sysconfig/SuSEfirewall2 > ~/Desktop/SuSEfirewall2

tsu2 · May 13, 2018, 9:29pm

What do you mean that you want to “configure a custom service in SuSEfirewall because… don’t want to open ports” ?
What guide or reference are you following (pls provide link if available)?
When you say “inside the configuration file,” which file is that?
Do you merely want to create a blocking rule?
Is there some reason you don’t want to configure this using YaST?

TSU

tpe · May 13, 2018, 11:04pm

Basically, I would like to use “services” and not ports. For example, I have some high ports open in my firewall in order to test some websites in my home server. Using the ports is not very helpful, I forget which port belongs to which website etc. Having those ports as custom services (eg test-site1, test-site1-tls etc), is much more helpful.

I mean… nothing! Because what I meant is completely different: I don’t want to open the relevant ports via yast, or /etc/sysconfig/SuSEfirewall. The reason is explained above.

I read those:
https://en.opensuse.org/SuSEfirewall2
https://www.suse.com/documentation/sled11/book_security/data/sec_fire_suse.html

tpe · May 13, 2018, 11:06pm

Many thanks! That’s what I was looking for!

tsu2 · May 14, 2018, 1:15am

YaST (and now you also have the option to use firewalld which is now default in Tumbleweed) supports rules that reference pre-defined and custom defined applications/services.

At some level, I don’t know that functionality can avoid defining ports and now traffic is handled to/from or through ports.

TSU