How can I block the HTTP service on openSUSE 12.1

Hello everyone

As a small project I have openSUSE 12.1 on a VirtualBox VM. I also have a web server on another virtual machine running Solaris 11, and I have assigned static IPs to all three machines (openSUSE 175.10.0.3, Solaris 175.10.0.2 and host 175.10.0.1).

I can access the web server from the host and from openSUSE. What I want to do with openSUSE is to completely block HTTP access (port TCP 80) on the firewall, yet YaST only allows me to unblock ports.

I have tried modifying the /etc/sysconfig/SuSEfirewall2 configuration file on the FW_SERVICES_REJECT_EXT and the drop DROP_EXT one, but even after executing /sbin/SuSEfirewall2 and restarting the firewall I can still access websites. The interface is configured to the external zone.

Any help would be greatly appreciated.

Thanks in advance.

> I can access the web server from the host and from opensuse, what I
> want to do with opensuse is to completely block http access (port
> tcp 80) on the firewall, yet the YaST only allows me to unblock
> ports.

That’s because if the firewall is running the default is to block ports,
so you don’t need to configure anything to block them. Just be sure you
have the firewall running, and HTTP NOT defined to be allowed, and it
will be blocked. Your tweaking may be interfering but this is default,
out-of-the-box behavior, so undo whatever was done and you should be
golden if the firewall is running.

Good luck.

Thanks for answering.

After installing openSUSE I updated the OS to fix the firewall bugs, checked the interface configuration, and made sure that no services were allowed. The allowed lists in YaST2 show nothing, yet Firefox will still connect to the web server.

On 2012-11-14 02:56, eelr65 wrote:

> After installing opensuse I updated the OS to fix the firewall bugs,
> and checked the interface configuration, made sure that no services were
> allowed, the allowed lists on YaST2 show nothing, yet firefox will still
> connect to the web server.

Of course it will. The firewall blocks incoming connections, not outgoing.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))

How can I block outgoing communication on port 80?

Thanks in advance

Well, I did it.

Deactivated SuSEfirewall2 and used iptables to block outgoing and incoming communications.

On 2012-11-14 03:36, eelr65 wrote:
>
> How can I block outgoing communication on port 80?

By placing your rules into the custom script provided for the purpose.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” (Minas Tirith))
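
The thread turns on the difference between inbound filtering and the OUTPUT chain, so here is an added example (not part of any post above) that reads `iptables-save` output and reports whether new outbound TCP connections to a port are actually blocked. The function name, the sample ruleset and the two rule variables are constructed for illustration; the sample only mimics a host that filters inbound traffic.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables-save` output on stdin
# and prints whether a NEW outbound TCP connection to port $1 is "open",
# "blocked" or "unknown" (OUTPUT jumps to a user-defined chain, not followed).
# Assumption: rules limited by address, interface, source port or port
# ranges are treated as exceptions and skipped; the verdict covers the rest.
outbound_verdict() {
    awk -v port="$1" '
    BEGIN { policy = "ACCEPT" }                    # kernel default policy
    /^\*/ { in_filter = ($0 == "*filter") }        # table header line
    !in_filter || verdict != "" { next }           # first match wins
    $1 == ":OUTPUT" { policy = $2; next }
    $1 == "-A" && $2 == "OUTPUT" {
        target = ""; proto = ""; dport = ""; cond = 0; newok = 1
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate")
                newok = (("," $(i + 1) ",") ~ /,NEW,/)
            else if ($i ~ /^(-s|-d|-o|!|--sport|--dports)$/) cond = 1
        }
        if (dport ~ /:/) cond = 1                  # port range: not evaluated
        if (cond || !newok || target == "LOG") next
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (target == "ACCEPT") verdict = "open"
        else if (target == "DROP" || target == "REJECT") verdict = "blocked"
        else verdict = "unknown"
    }
    END {
        if (verdict == "") verdict = (policy == "ACCEPT") ? "open" : "blocked"
        print verdict
    }'
}

# Constructed sample: inbound is dropped, OUTPUT policy is ACCEPT.
# Extra OUTPUT rules passed as arguments are placed before COMMIT, in order.
sample_ruleset() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' "$@" 'COMMIT'
}
REJECT80='-A OUTPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable'
ALLOW_NEW='-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'

sample_ruleset | outbound_verdict 80                          # inbound-only filtering
sample_ruleset "$REJECT80" | outbound_verdict 80              # explicit OUTPUT reject
sample_ruleset "$ALLOW_NEW" "$REJECT80" | outbound_verdict 80 # reject shadowed by earlier accept
```

On a live system the same check is `iptables-save | outbound_verdict 80`, run as root. The third sample shows why rule order matters: a reject appended after a catch-all accept never matches.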