Managing SuSE Firewall

Greetings!

I would like to manage the firewall from the command line or with files via puppet, however this piece of software seems pretty complicated compared to the other distributions and generic iptables commands / configurations we push out.

Can anyone please advise how to control this via the CLI / config file in a way that is more straightforward?

Many thanks!
Austin Smith

Hi Austin, welcome here…

Assuming this is for a headless server, are you aware of the ability to run YAST from the command line? IMHO a much better way than editing a firewall’s config files by hand.
Log in as a user, invoke


su -c yast
(enter root password)

Thank you for the warm welcome!

You are correct, they are headless servers. We do not have a GUI installed, and primarily use yast in the manner you specified. I am looking to manage the firewall w/ puppetlabs product, puppet. However, I cannot find a clear-cut way to manage this from its configuration file. The only other option I can think of is to use IPtables directly…

Any thoughts?
Thanks,
Austin

On 2011-04-25 21:06, austingsmith wrote:
> Can anyone please advise how to control this via the CLI / config
> file in a way that is more straightforward?

THE configuration file is “/etc/sysconfig/SuSEfirewall2” - that’s it.
Then you issue “SuSEfirewall2” to load the changes.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
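
An added example, not part of any post in this thread: a shell sketch of driving that file from a script or a configuration-management run, setting one KEY="value" line idempotently so the reload is only needed when the file actually changed. The function name, the sample file contents and the choice of FW_DEV_EXT and FW_SERVICES_EXT_TCP (variables from the SuSEfirewall2 sysconfig file) are assumptions for illustration; the demo works on a constructed temporary copy, not the real file.

```shell
#!/bin/sh
# Added example (not from the thread). Set KEY="value" in a sysconfig-style
# file such as /etc/sysconfig/SuSEfirewall2 without touching other lines.
# Returns 0 = file changed, 1 = already in desired state, 2 = error.
set_sysconfig_var() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || return 2
    tmp=$(mktemp) || return 2
    # Rewrite the first KEY= line, drop later duplicates, append if absent.
    KEY="$key" LINE="${key}=\"${value}\"" awk '
        index($0, ENVIRON["KEY"] "=") == 1 {
            if (!seen) print ENVIRON["LINE"]
            seen = 1
            next
        }
        { print }
        END { if (!seen) print ENVIRON["LINE"] }
    ' "$file" > "$tmp"
    if cmp -s "$tmp" "$file"; then
        rm -f "$tmp"
        return 1
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
    return 0
}

# Demo on a constructed sample file (assumed variable names, made-up values).
demo() {
    dir=$(mktemp -d) || return 2
    cfg="$dir/SuSEfirewall2"
    printf '%s\n' '# constructed sample' 'FW_DEV_EXT="eth0"' \
        'FW_SERVICES_EXT_TCP=""' > "$cfg"
    for pass in 1 2; do
        rc=0
        set_sysconfig_var "$cfg" FW_SERVICES_EXT_TCP "22 443" || rc=$?
        case $rc in
            0) echo "pass $pass: changed; on a real host now run: SuSEfirewall2" ;;
            1) echo "pass $pass: no change; skip the reload" ;;
            *) echo "pass $pass: error" >&2 ;;
        esac
    done
    cat "$cfg"
    rm -rf "$dir"
}
demo
```

The "changed" return code is what a management tool would use to trigger the reload, so an unchanged host never has its ruleset reloaded needlessly.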

On Mon April 25 2011 03:06 pm, austingsmith wrote:

>
> Thank you for the warm welcome!
>
> You are correct, they are headless servers. We do not have a GUI
> installed, and primarily use yast in the manner you specified. I am
> looking to manage the firewall w/ puppetlabs product, puppet. However,
> I cannot find a clear-cut way to manage this from its configuration
> file. The only other option I can think of is to use IPtables
> directly…
>
> Any thoughts?
> Thanks,
> Austin
>
>
Austin;

Have you tried the ncurses version of YaST suggested by Knurpht? Either of
the following commands launches YaST from the CLI.


YaST
or
yast

Either of these launches YaST but you need to su to root first. Note: “YAST”
will not be recognized. You navigate from the keyboard: Tabs, Arrow Keys and
ALT <key> sequences. It is fairly transparent how to navigate once
launched.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

You want to use Puppet instead of Yast, right?
If I understand you right, the only way is to disable the firewall in Yast and start a new configuration from scratch in Puppet (if it is able to).
You will obviously have to tweak some config to start the firewall during init.

@ herbwahn

Is it easier to configure it in Puppet?

As far as I can see, puppet is a system for configuration management (kind of + more).
Do you want to use it to distribute the firewall configuration to several machines in your infrastructure?

No, it would be only for my laptop. If it’s easy to configure the firewall, I might give it a shot. If you have used it, you know it better than me.

Sorry, I took you for the OP of this thread.

NO, it is NOT easier to configure the firewall with Puppet. Its purpose is … completely different.
See: Puppet

You could read this file for some useful examples:

/usr/share/doc/packages/SuSEfirewall2/EXAMPLES.html

Personally it helped me a lot to understand SuSEfirewall2.

Best regards,
Greg

Ok. Thank you!