Firewall advice.

I’m a bit confused with the YaST firewall internal and external zones.

I’ve been playing with the settings and want to know if what I’ve done is the correct approach.

When I built SUSE 11 the firewall interfaces showed my network card was set to the external zone and also was “any”.

If my SUSE box is only to be used for my “internal” network and a bit of web surfing, i.e. it’s not hosting anything to the Internet (which I guess is the external zone), then shouldn’t I reconfigure my network card and “any” to the internal zone? This is what I’ve done and it seems to work fine.

Is this secure? Why was it set to the external zone when I installed SUSE? Surely most installs would require the internal zone to be the default?

I found this article:

General Firewall Question - openSUSE Forums

…which seems to explain it - but I’m still slightly confused.

You can only set a network interface for one zone - i.e. network card to internal zone.
As “most” users wouldn’t be hosting Internet facing stuff why is the default to have the network card set to the external zone?

Also what does the “any” custom string do? Is this a catch all for any NW traffic that originates outside the NW card zone assignment?

External zone means interfaces that point to untrusted networks (like the internet). If you’re surfing the internet, feeding it in through eth0, it’s facing an untrusted zone.