how to block an outgoing firewall opensuse

Hello,

Can someone explain how I can refuse an outgoing connection on the openSUSE firewall? By default the outbound policy is permissive, and for P2P I want to explicitly deny an outgoing connection according to protocol, remote port and local port.

But when I add rules, the openSUSE firewall rules are permissive and only for inbound traffic, and so I cannot specifically deny an outgoing connection.

Before, I was using fwbuilder, which is very powerful and configurable, but now I’m using the SUSE firewall for convenience. I want to know if it can do what I want; if not, I will have to use fwbuilder.

Thanks.

Have you tried re-configuring your network interface to operate in the “External” zone instead of the “Internal” zone which should severely restrict traffic by default?

Also, if you have access to your P2P application, “better” apps can be configured to restrict traffic in either direction.

Hope you’re using YAST, it’s much easier than modifying the IP Tables config directly.

HTH,
Tony

Yes, I’m using the openSUSE firewall to configure the external interface, but as for creating a rule that specifically denies an outgoing connection, I can only create permissive rules, not restrictive ones; that is the problem that I see.

What applications were you referring to that restrict traffic?

Hmmmm…
I hadn’t looked closely at this before.

According to the openSUSE Firewall documentation, configuring this from YaST may not be possible:

The rule set is only applied to packets originating from remote hosts. Locally generated packets are not captured by the firewall.

That does seem to be a current deficiency. Alternatively, many P2P applications do manage outbound traffic (e.g. blacklisting), but since you’re asking about P2P specifically, blocking all outbound traffic might be an issue due to specific protocol negotiation requirements.

Tony

Start off with this command:

sudo SuSEfirewall2 status

This is the part that interests you the most:

### iptables filter ###
(some output omitted)
Chain OUTPUT (policy ACCEPT 6137 packets, 1271K bytes)
 pkts bytes target     prot opt in     out     source               destination
   81  6648 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0

You need to modify this so it says something like:

### iptables filter ###
(some output omitted)
Chain OUTPUT
 pkts bytes target     prot opt in     out     source               destination
   81  6648 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

It’s easily done with the iptables command, but I don’t know if the changes will persist across a reboot.

Best regards,
Greg

On Sun March 13 2011 07:06 am, glistwan wrote:

>
> Start off with this command:
>
> Code:
> --------------------
> sudo SuSEfirewall2 status
> --------------------
> This is the part that interests you the most:
>
> Code:
> --------------------
> ### iptables filter ###
> (some output omitted)
> Chain OUTPUT (policy ACCEPT 6137 packets, 1271K bytes)
> pkts bytes target prot opt in out source destination
> 81 6648 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
> --------------------
> You need to modify this so it says something like:
>
> Code:
> --------------------
> ### iptables filter ###
> (some output omitted)
> Chain OUTPUT
> pkts bytes target prot opt in out source destination
> 81 6648 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> --------------------
> It’s easily done with the iptables command, but I don’t know if the changes
> will persist across a reboot.
>
> Best regards,
> Greg
>
jony127;

You should be able to add ipfilters to the custom rules hooks for
SuSEfirewall2. The only documentation for this is buried in the comments
of:

/etc/sysconfig/scripts/SuSEfirewall2-custom

Adding them here should guarantee they get loaded at boot.

Good Luck


P. V.
“We’re all in this together, I’m pulling for you.” Red Green
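A worked version of what Greg (a DROP in the OUTPUT chain) and P. V. (putting it in the SuSEfirewall2 custom hooks so it survives a reboot) describe, added here as an example; it is not code from the thread or from the SuSEfirewall2 package. It assumes the hook name fw_custom_before_denyall from /etc/sysconfig/scripts/SuSEfirewall2-custom and an external interface named eth0; check both against your own copy. Unlike the blanket DROP shown above, it denies only the explicitly listed outgoing connections, matched on protocol, remote port and local port as the question asks.

```shell
#!/bin/sh
# Added example (not from the thread): outbound DROP rules for P2P traffic,
# placed in a SuSEfirewall2 custom hook so they are reloaded at boot.
# ASSUMPTIONS: hook name fw_custom_before_denyall (verify in your copy of
# /etc/sysconfig/scripts/SuSEfirewall2-custom) and external interface eth0.

# Dry-run switch: IPTABLES=echo prints the rules instead of applying them.
: "${IPTABLES:=iptables}"
: "${EXT_IF:=eth0}"

# Accept only a port number or a low:high range, so a typo cannot silently
# become a rule that matches nothing.
valid_port() {
    case $1 in
        ""|*[!0-9:]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: deny_outbound PROTO REMOTE_PORT LOCAL_PORT   (LOCAL_PORT may be "any")
# Matches only NEW connections, so replies belonging to inbound connections
# that happen to use the same ports are not dropped; everything not listed
# keeps the chain's default ACCEPT policy (DNS, updates, loopback).
deny_outbound() {
    proto=$1 rport=$2 lport=$3
    valid_port "$rport" || return 1
    [ "$lport" = any ] || valid_port "$lport" || return 1
    set -- -A OUTPUT -o "$EXT_IF" -p "$proto" -m state --state NEW --dport "$rport"
    [ "$lport" = any ] || set -- "$@" --sport "$lport"
    "$IPTABLES" "$@" -j DROP
}

# SuSEfirewall2 calls this hook while building its rule set, so rules added
# here come back after every reload and reboot (FW_CUSTOMRULES in
# /etc/sysconfig/SuSEfirewall2 must point at the custom script).
fw_custom_before_denyall() {
    # Constructed sample list "proto remote_port local_port"; the ports are
    # illustrative, substitute the P2P client's real ones.
    while read -r proto rport lport; do
        deny_outbound "$proto" "$rport" "$lport"
    done <<EOF
tcp 6881 1024:65535
udp 6881 any
EOF
}
```

To preview the rules without touching the kernel, source the file and run `IPTABLES=echo fw_custom_before_denyall`; afterwards `sudo SuSEfirewall2 status` should show the DROP lines under Chain OUTPUT.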