iptables question

I was looking in the Ubuntu forum and I saw this LINK and wanted to know if it was possible to do this in openSUSE without using the YaST firewall. How will it keep this script active at boot? I did try it, but it would not load at boot.

Thank You

Matt

What are you trying to do? All those rules look like plain accepts that can be easily configured with the yast interface.

I didn’t notice one that might be tricky to implement. Only a couple I noticed are port ranges like 100:110 which I would have to briefly look up.

Then if you found them too difficult via the gui, custom rules as the config file would have no trouble loading them.

Check out the two iptables articles from David Mair (at Novell). They are
great, and show exactly what you’re after I believe:

http://www.novell.com/coolsolutions/author/3811.html

Good luck.

Matt101 wrote:
> I was looking in the Ubuntu forum and I saw this ‘LINK’
> (http://ubuntuforums.org/showthread.php?t=668148) and wanted to know if
> it was possible to do this in openSUSE without using the YaST firewall.
> How will it keep this script active at boot? I did try it, but
> it would not load at boot.
>
> Thank You
>
> Matt
>
>

Not really sure they help the OP; they make no mention of disabling SuSEfirewall (though I question why) or how to implement custom rules the SUSE way.

Edit
Though thanks for the link just what I’ve been looking for. Iptables written in something understandable.

To disable the old one just set SuSEfirewall2_setup to off, I believe, via
chkconfig. Otherwise just go into YaST: Security and Users: Firewall and
disable it. Once done, implement the script from the CS.

Good luck.

FeatherMonkey wrote:
> Not really sure they help the OP; they make no mention of disabling
> SuSEfirewall (though I question why) or how to implement custom rules the
> SUSE way.
>
> Edit
> Though thanks for the link just what I’ve been looking for. Iptables
> written in something understandable.
>
>

I wanted to know how that script would load at boot without manually loading it:

/etc/init.d/firewall start

But the post is helpful; I just have to look them over to see how to save the script to load at boot. The YaST firewall is too crunched for me to look at; I don’t know where in the SFW config file to start my custom rules.

Thank you, you guys are great.

Round about line 931 there is a line with config… in /etc/sysconfig/SuSEfirewall2; above that line it points to… /etc/sysconfig/scripts/SuSEfirewall2-custom

If you look in there, there are some examples.

As for the other way, after disabling, I’m not really sure; I presume it will still load iptables. If so, then it will be just a case of saving the rules after creating them.

Though I would just use YaST and add the rules in Allowed Services. You have Advanced here; it will add the rules, and it seems ranges are of the same format, i.e. 100:110.

chkconfig firewall on

Good luck.

Matt101 wrote:
> I wanted to know how that script would load at boot without manually
> loading it
> Code:
> --------------------
> /etc/init.d/firewall start
> --------------------

That did it; it loaded on boot. Thank you very, very, very much, sir.

Round about line 931 there is a line with config… in /etc/sysconfig/SuSEfirewall2; above that line it points to… /etc/sysconfig/scripts/SuSEfirewall2-custom

If you look in there, there are some examples.

As for the other way, after disabling, I’m not really sure; I presume it will still load iptables. If so, then it will be just a case of saving the rules after creating them.

Though I would just use YaST and add the rules in Allowed Services. You have Advanced here; it will add the rules, and it seems ranges are of the same format, i.e. 100:110.

Thank you too. :wink: I’m still studying, or trying to get used to, the config file; I’m still puzzled about where to put the rules. I looked at line 931 and don’t know where to put “port numbers”; the examples are confusing in a way. If I keep reading it I’ll get it.

Line 931 just asks where the custom file is; if you look at the one in scripts it should make more sense. This just tells it you have custom rules at /etc/sysconfig/scripts/SuSEfirewall2-custom (commented out).

You just have the hooks to contend with; it takes the same format as the script you highlighted.

I’m not really sure whereabouts in SuSEfirewall2 the allows go; easiest would be to use the GUI and search after adding one.

Edit
Thread here http://forums.opensuse.org/install-boot-login/389686-how-load-iptables-configuration-boot.html
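
The custom-rules hook discussed above, as an added example that is not from any post in this thread or from the shipped SuSEfirewall2 files. It assumes FW_CUSTOMRULES in /etc/sysconfig/SuSEfirewall2 points at this file and that input_ext is the external-zone input chain; CUSTOM_TCP_PORTS and valid_port_spec are hypothetical names, and the port list is a constructed sample.

```shell
# Sketch of /etc/sysconfig/scripts/SuSEfirewall2-custom (added example).
# SuSEfirewall2 sources this file and calls the fw_custom_* hooks while it
# builds its rule set, so rules placed here are reloaded on every boot.

# Constructed sample: TCP ports to open, single ports or low:high ranges
# in the same format iptables --dport accepts (e.g. 100:110).
CUSTOM_TCP_PORTS="22 100:110"

# Return 0 only for "N" or "LOW:HIGH" with 1 <= LOW <= HIGH <= 65535.
# Rejecting malformed entries keeps a typo from aborting the firewall
# start and leaving the host with a half-built rule set.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Hook called before SuSEfirewall2 adds its own port allow/deny rules.
# Assumption: input_ext is the input chain for the external zone.
fw_custom_before_port_handling() {
    for spec in $CUSTOM_TCP_PORTS; do
        if valid_port_spec "$spec"; then
            iptables -A input_ext -p tcp --dport "$spec" -j ACCEPT
        else
            echo "SuSEfirewall2-custom: skipping invalid port '$spec'" >&2
        fi
    done
    true
}

# The other fw_custom_* hooks in the shipped template stay unchanged.
```

After a firewall restart, `iptables -L input_ext -n` shows whether the ACCEPT rules landed in the chain.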