As a small project I have openSUSE 12.1 on the VirtualBox VM. I also have a web server on another virtual machine running Solaris 11. I have assigned static IPs for all three machines (openSUSE 175.10.0.3, Solaris 175.10.0.2 and host 175.10.0.1).
I can access the web server from the host and from openSUSE. What I want to do with openSUSE is to completely block http access (port tcp 80) on the firewall, yet YaST only allows me to unblock ports.
I have tried modifying the /etc/sysconfig/SuSEfirewall2 configuration file on the FW_SERVICES_REJECT_EXT and the drop DROP_EXT one, but even after executing /sbin/SuSEfirewall2 and restarting the firewall I can still access websites. The interface is configured to the external zone.
> I can access the web server from the host and from openSUSE. What I
> want to do with openSUSE is to completely block http access (port
> tcp 80) on the firewall, yet YaST only allows me to unblock
> ports.
That’s because if the firewall is running the default is to block ports,
so you don’t need to configure anything to block them. Just be sure you
have the firewall running, and HTTP NOT defined to be allowed, and it
will be blocked. Your tweaking may be interfering but this is default,
out-of-the-box behavior, so undo whatever was done and you should be
golden if the firewall is running.
Good luck.
After installing openSUSE I updated the OS to fix the firewall bugs, and checked the interface configuration, made sure that no services were allowed, the allowed lists on YaST2 show nothing, yet Firefox will still connect to the web server.
> After installing openSUSE I updated the OS to fix the firewall bugs,
> and checked the interface configuration, made sure that no services were
> allowed, the allowed lists on YaST2 show nothing, yet Firefox will still
> connect to the web server.
Of course it will. The firewall blocks incoming connections, not outgoing.
–
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))
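The behaviour described in the replies above, as an added example that is not part of the thread: a simplified model of a stateful host firewall showing why a default-deny inbound policy still lets the browser reach the web server, and what an egress rule changes. The class, function names, port numbers 40000/40001 and the egress rule are assumptions for illustration; this is not SuSEfirewall2's actual rule set.

```python
# Added example: a simplified stateful host firewall, NOT SuSEfirewall2's real rule set.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class HostFirewall:
    def __init__(self, local_ip, open_ports=(), egress_reject_ports=()):
        self.local_ip = local_ip
        self.open_ports = set(open_ports)              # inbound services allowed
        # Assumed egress rules, equivalent in spirit to:
        #   iptables -A OUTPUT -p tcp --dport <port> -j REJECT
        self.egress_reject = set(egress_reject_ports)
        self.conntrack = set()                         # (local_ip, lport, remote_ip, rport)

    def output(self, p):
        """OUTPUT chain: policy ACCEPT unless an egress rule matches."""
        if p.dport in self.egress_reject:
            return "REJECT"
        self.conntrack.add((p.src, p.sport, p.dst, p.dport))
        return "ACCEPT"

    def input(self, p):
        """INPUT chain: replies to tracked flows, then allowed services, else DROP."""
        if (p.dst, p.dport, p.src, p.sport) in self.conntrack:
            return "ACCEPT"                            # state ESTABLISHED
        if p.dport in self.open_ports:
            return "ACCEPT"                            # new connection to an allowed service
        return "DROP"                                  # default for unsolicited traffic


def outbound_http_works(fw, server="175.10.0.2"):
    """Browser on the firewalled host fetching from the web server."""
    syn = Packet(fw.local_ip, server, sport=40000, dport=80)
    if fw.output(syn) != "ACCEPT":
        return False
    reply = Packet(server, fw.local_ip, sport=80, dport=40000)
    return fw.input(reply) == "ACCEPT"


def inbound_http_works(fw, client="175.10.0.1"):
    """Another machine connecting to port 80 on the firewalled host."""
    return fw.input(Packet(client, fw.local_ip, sport=40001, dport=80)) == "ACCEPT"
```

With no services allowed, `inbound_http_works` is false while `outbound_http_works` is true; only the egress rule stops the browser.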