I would like to allow certain IPs to access my server (any port, any service and any protocol) and deny everyone else. How do I do this via Yast?
Thanks.
This might be useful:
In the firewall script there is this information:
Type: string
10.)
Which services should be accessible from ‘trusted’ hosts or nets?
Define trusted hosts or networks (doesn’t matter whether they are internal or
external) and the services (tcp,udp,icmp) they are allowed to use. This can
be used instead of FW_SERVICES_* for further access restriction. Please note
that this is no replacement for authentication since IP addresses can be
spoofed. Also note that trusted hosts/nets are not allowed to ping the
firewall until you also permit icmp.
Format: space separated list of network,protocol,port
in case of icmp, port means the icmp type
Example: "172.20.1.1 172.20.0.0/16 1.1.1.1,icmp 2.2.2.2,tcp,22"
FW_TRUSTED_NETS=""
So it seems to me that you could allow IP addresses like so:
FW_TRUSTED_NETS="192.168.1.0/24 10.0.0.99" would allow all of the 192.168.1.x series plus the individual IP 10.0.0.99.
You can set that in Yast → System → /etc/sysconfig editor → network → firewall → susefirewall2 → FW_TRUSTED_NETS
Try it out. Might help your problem.
The “catch all” rule is “deny”. That means, if you enable firewall, all except the defined ones will be “deny”.
Then, you go to the "custom rules" setting and add the IP addresses you want to allow (one entry for TCP and one entry for UDP). I think you can leave the port range blank. (If it is not allowing, give the full range 1:65536).
@swerdna
Your option is better. I don't generally use Yast firewall and just use iptables directly. Yast firewall seems to generate a lot of rules, maybe because it is written to be very generic.
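As an added example (not code from the thread, from SuSEfirewall2 or from Yast), the script below ties the two approaches together: it reads a value in the FW_TRUSTED_NETS format quoted in the earlier post ("network,protocol,port", with the port meaning the ICMP type for icmp) and prints the equivalent plain iptables commands, ending with the default-deny INPUT policy that the "catch all is deny" reply describes. The function names, the loopback and ESTABLISHED,RELATED rules and the sample value are my own assumptions; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example: translate a FW_TRUSTED_NETS-style list into iptables commands.
# Entries are "network[,protocol[,port]]"; for icmp the third field is the
# ICMP type (as the SuSEfirewall2 sysconfig text says). Nothing here is run
# against the kernel; the output is meant to be reviewed, then piped to sh.
# Remember that a source-IP allow list is not authentication: addresses can be
# spoofed, so treat this as an access restriction only.

# Print the ACCEPT rule(s) for one entry, e.g. "2.2.2.2,tcp,22".
# No protocol means every protocol; no port means every port.
trusted_entry_rules() {
    entry=$1
    net=${entry%%,*}            # first field: host or CIDR network
    rest=${entry#"$net"}        # drop the network, keep ",proto,port"
    rest=${rest#,}
    proto=${rest%%,*}           # second field (may be empty)
    port=${rest#"$proto"}
    port=${port#,}              # third field (may be empty)

    if [ -z "$proto" ]; then
        printf 'iptables -A INPUT -s %s -j ACCEPT\n' "$net"
        return 0
    fi
    case $proto in
        tcp|udp)
            # Valid port numbers are 1..65535 (iptables rejects 65536).
            if [ -n "$port" ]; then
                printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n' "$net" "$proto" "$port"
            else
                printf 'iptables -A INPUT -s %s -p %s -j ACCEPT\n' "$net" "$proto"
            fi
            ;;
        icmp)
            if [ -n "$port" ]; then
                printf 'iptables -A INPUT -s %s -p icmp --icmp-type %s -j ACCEPT\n' "$net" "$port"
            else
                printf 'iptables -A INPUT -s %s -p icmp -j ACCEPT\n' "$net"
            fi
            ;;
        *)
            printf 'unsupported protocol in entry %s: %s\n' "$entry" "$proto" >&2
            return 1
            ;;
    esac
}

# Print a complete INPUT ruleset for a space separated FW_TRUSTED_NETS value:
# flush, keep loopback and replies to our own connections, one ACCEPT per
# trusted entry, then flip the default to DROP. The policy is set last so the
# ACCEPT rules already exist when everything else starts being denied.
trusted_nets_ruleset() {
    nets=$1
    printf 'iptables -F INPUT\n'
    printf 'iptables -A INPUT -i lo -j ACCEPT\n'
    printf 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for e in $nets; do
        trusted_entry_rules "$e" || return 1
    done
    printf 'iptables -P INPUT DROP\n'
}

# Sample value (constructed for this example), taken from the format's own
# documentation plus the host/network pair suggested in the thread.
# Review the output first; to apply it you would run:  trusted_nets_ruleset "$SAMPLE" | sh
SAMPLE="192.168.1.0/24 10.0.0.99 1.1.1.1,icmp,8 2.2.2.2,tcp,22"
trusted_nets_ruleset "$SAMPLE"
```

Run it from the console rather than over SSH the first time, or make sure the address you are connecting from is one of the trusted entries: once the policy is DROP, any source not listed loses access, including you. The OUTPUT and FORWARD chains are left alone because the question is only about inbound access.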
Thanks. This solved the problem.