Custom SuSEfirewall services

I would like to configure a custom service in SuSEfirewall because I don’t want to open ports. According to the documentation inside the configuration file, I just need to create a file in the /usr/share/SuSEfirewall2/services directory.
But, this directory doesn’t exist.
And, I haven’t found any relevant documentation in the /usr/share/doc about it.

Any help would be appreciated.

Have a look in /etc/sysconfig/SuSEfirewall2.d/services

The fields in there define some options for services. You might be able to make one based on looking at the templates already there.

If you want to see all the options you can have a deeper look into the options in the configuration file located at /etc/sysconfig/SuSEfirewall2. If you don’t want to break SuSEfirewall2 while looking into it you can make and study a copy onto your Desktop with this command, written as yourself (not as root):

cat /etc/sysconfig/SuSEfirewall2 > ~/Desktop/SuSEfirewall2

What do you mean that you want to “configure a custom service in SuSEfirewall because… don’t want to open ports”?
What guide or reference are you following (please provide a link if available)?
When you say “inside the configuration file,” which file is that?
Do you merely want to create a blocking rule?
Is there some reason you don’t want to configure this using YaST?


Basically, I would like to use “services” and not ports. For example, I have some high ports open in my firewall in order to test some websites on my home server. Using the ports is not very helpful, I forget which port belongs to which website, etc. Having those ports as custom services (e.g. test-site1, test-site1-tls, etc.) is much more helpful.

I mean… nothing! Because what I meant is completely different: I don’t want to open the relevant ports via yast, or /etc/sysconfig/SuSEfirewall. The reason is explained above.

I read those:

Many thanks! That’s what I was looking for!

YaST (and now you also have the option to use firewalld which is now default in Tumbleweed) supports rules that reference pre-defined and custom defined applications/services.

At some level, I don’t know that functionality can avoid defining ports and how traffic is handled to/from or through ports.
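
Added example, not part of any post in this thread: a shell function that writes a service definition of the kind kept in /etc/sysconfig/SuSEfirewall2.d/services, so that a test site is referenced by name instead of by port number. The file layout and the FW_CONFIGURATIONS_EXT variable are assumed to match the stock TEMPLATE file and /etc/sysconfig/SuSEfirewall2; the function name, the scratch directory and the port numbers are made up for illustration.

```shell
#!/bin/sh
# Assumption: the file format (## Name / ## Description headers plus the
# TCP/UDP/RPC/IP/BROADCAST variables) follows the TEMPLATE file shipped in
# /etc/sysconfig/SuSEfirewall2.d/services.

# make_fw_service NAME TCP_PORT [DIR]   (hypothetical helper)
# DIR defaults to a scratch directory so the result can be reviewed before it
# is copied, as root, into /etc/sysconfig/SuSEfirewall2.d/services.
make_fw_service() {
    name=$1 port=$2 dir=${3:-./fw-services}
    # The name becomes a file name and a token in FW_CONFIGURATIONS_EXT:
    # allow only letters, digits, '-' and '_' (no '/', spaces or quotes).
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid service name: $name" >&2; return 1 ;;
    esac
    # The port must be 1 to 5 decimal digits with no leading zero.
    case $port in
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    mkdir -p "$dir" || return 1
    cat > "$dir/$name" <<EOF
## Name: $name
## Description: Opens TCP port $port for the $name test site

# space separated list of allowed TCP ports
TCP="$port"
# space separated list of allowed UDP ports
UDP=""
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""
EOF
    echo "$dir/$name"   # path of the generated file
}

# Usage with constructed values (names from the thread, ports made up):
#   make_fw_service test-site1 8081
#   make_fw_service test-site1-tls 8443
# Then, in /etc/sysconfig/SuSEfirewall2:
#   FW_CONFIGURATIONS_EXT="test-site1 test-site1-tls"
```

The ports are still opened; the service file only moves the number out of the main configuration and gives it a name, so each file should list nothing beyond the one port that site needs.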