Firewall. It’s working, but I’ve never seen any application being unable to interact with the internet. On Windows, firewalls are supposed to work by blocking individual programs, or with other, more global options. I’d appreciate any reply.
Firewall and AppArmor are working, and I’ve left them untouched after installation. I have never seen any rules for any program, however. All programs may connect. I still believe my system is secure, as it’s more secure than Windows or OS X, right? And I’m a simple user (no server things).
So…?
SuSEfirewall2 is designed to block unsolicited traffic from the outside by default, not connection-related or outgoing traffic by default. (It does not behave like a Windows firewall.)
SuSEfirewall2 is basically a script that generates iptables rules from configuration stored in the /etc/sysconfig/SuSEfirewall2 file. SuSEfirewall2 protects you from network attacks by rejecting or dropping some unwanted packets that reach your network interface.
Just to elaborate a tiny bit, it can block outbound too, but, as stated, does not “by default”. NetFilter, the technology within the kernel that does firewalling and is controlled by SuSEfirewall2 scripts or various iptables commands directly, can be tuned to block inbound, outbound, or various other flows of data (forwarded, masqueraded, etc.) via various “tables” (thus, iptables). It’s pretty powerful, and correspondingly complex. As a result it may be a good idea to share a business case for your need for blocking outbound so we can make sure you’re using the right technology.
AppArmor uses hooks within the kernel to limit what running programs do, usually within the system itself more than the network, and may be a good candidate to confine applications you do not trust, though all of the use cases I’ve seen around “prevent appX from going to the network” have made me wonder why appX was in use in the first place.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
Thanks, so… as I understand, if a connection is not initiated by a program on the computer, then it’s not accepted. That’s very good. I hope it’s true for wireless too, as that makes it a little bit more insecure.
“Business case” hmm? It’s just a single computer. I don’t know if I need to block outbound, as all apps were from official sources except 1 thing from “obs” (should not have done that). As it seems to me now, it’s safe with firewall_2, default, though the core system is not updated to the very last version from the 4 default repositories.
On 08/31/2017 10:36 AM, rockin wrote:
>
> Thanks, so… as I understand, if a connection is not initiated by
> program on computer, then it’s not accepted. That’s very good. I hope
> it’s true for wireless too as that makes a little bit more insecure.
It is true for all inbound traffic ever unless you change it. It is the default for all three of the default zones inbound, even, and not just the external or DMZ zones, so you really do need to allow traffic in explicitly to have anything make it to the box from outside of the box. Secure by default is the best standard, and SUSE does a decent job with that, though allowing exceptions (in firewalls) to be made easily as needed (web servers, SSH services, NFS, etc.) via YaST or other tools.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.
If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
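As an added illustration (not code from this thread or from the SuSEfirewall2 project), here is a small POSIX shell script that checks the posture both replies describe: the built-in INPUT chain has a DROP policy so unsolicited inbound traffic is rejected unless a rule explicitly accepts it, while OUTPUT is left at ACCEPT with no rules, so programs may connect out freely. The rule dump embedded in the script is constructed to resemble `iptables -S` output on a SuSEfirewall2 host (the `input_ext` chain name and the port 22 exception are assumed sample values); on a real machine you would instead pipe the live output of `iptables -S` into the same functions.

```shell
#!/bin/sh
# Added example, not from the forum thread or SuSEfirewall2 itself.
# Inspects an `iptables -S` dump to answer: is inbound closed by default, and is
# outbound restricted at all?  Live use:  iptables -S | posture

# CONSTRUCTED sample dump, shaped like a SuSEfirewall2 ruleset with SSH allowed.
# Chain name input_ext and the --dport 22 exception are assumed sample values.
SAMPLE_DUMP=$(cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N input_ext
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -j DROP
EOF
)

# Print the default policy (ACCEPT/DROP) of built-in chain $1; dump on stdin.
chain_policy() {
    awk -v c="$1" '$1 == "-P" && $2 == c { print $3; exit }'
}

# Count explicit "-A CHAIN ..." rules attached to chain $1; dump on stdin.
rule_count() {
    awk -v c="$1" '$1 == "-A" && $2 == c { n++ } END { print n + 0 }'
}

# List destination ports that some ACCEPT rule opens, one per line; dump on stdin.
allowed_ports() {
    awk '$1 == "-A" && $NF == "ACCEPT" {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
         }'
}

# Summarise the posture in one line; dump on stdin.
posture() {
    dump=$(cat)
    in_pol=$(printf '%s\n' "$dump" | chain_policy INPUT)
    out_pol=$(printf '%s\n' "$dump" | chain_policy OUTPUT)
    out_rules=$(printf '%s\n' "$dump" | rule_count OUTPUT)

    # Inbound is "closed by default" only when the policy itself is DROP:
    # anything not matched by an explicit ACCEPT never reaches a listening program.
    if [ "$in_pol" = "DROP" ]; then
        in_state="inbound:closed-by-default"
    else
        in_state="inbound:OPEN-by-default"
    fi

    # Outbound is unrestricted when the policy is ACCEPT and no rule touches OUTPUT.
    if [ "$out_pol" = "ACCEPT" ] && [ "$out_rules" -eq 0 ]; then
        out_state="outbound:unrestricted"
    else
        out_state="outbound:restricted"
    fi
    echo "$in_state $out_state"
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | posture
echo "explicitly allowed inbound ports:"
printf '%s\n' "$SAMPLE_DUMP" | allowed_ports
```

On the sample this prints `inbound:closed-by-default outbound:unrestricted` and lists port 22 as the only explicit exception, which is exactly the situation described above: nothing gets in unless an exception was added (via YaST or the /etc/sysconfig/SuSEfirewall2 configuration), and nothing stops programs from going out. If a real dump ever showed `inbound:OPEN-by-default`, that would mean the default policy had been changed and is worth investigating.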