Network card and firewall settings

Just a simple question…

Does everybody set their network cards to “External Zone” on the firewall selection? Because this is the setting I have always used, not really knowing if it's the one. It seems to do the job.

What is “Demilitarized Zone” ?

I've always wondered, why can’t they just have firewall “on” or “off”?

Cheers!

Hi
Yes external here…

Have a read here for an insight to a DMZ;
http://www.cyberciti.biz/faq/linux-demilitarized-zone-howto/


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.0 x86 Kernel 2.6.25.16-0.1-default
up 1 day 14:43, 1 user, load average: 0.13, 0.10, 0.09
GPU GeForce 6600 TE/6200 TE - Driver Version: 173.14.12

IMHO the misunderstanding comes from the fact that a firewall is in principle to separate networks from each other. That brings us to external (the Internet), internal (the LAN) and the DMZ (a separate LAN where you have the services that are available to the Internet).

I (being not too intelligent) never understood what a firewall could do on a single system. I saw it as a misconception of MS Windows OSs. These OSs seem to have no separation between users and the system manager and so the user can start network services (listening on ports) by simply loading all sorts of dangerous software. In Unix/Linux this can only be done (at least for the well known ports) by the system manager (root). This can be checked by netstat -a | grep LISTEN and the like and when you (root) manage this correctly, you do not need a firewall (IMHO).

When one nevertheless wants to use a firewall and has only one network connection functioning that is indeed the external network. That is the dangerous outside world you want to be protected from. When you are directly on the Internet, it may be an extra and useful barrier against starting software in your system where you are not sure it starts listening on ports.

To give my home configuration as an example. My ADSL modem/router has the firewall (I let nothing in) and I have switched SUSEFirewall off in my systems. I have only running services (listening to TCP/UDP ports) that I need. When these services allow it to configure to who they should answer or not I configure that also (e.g. xinetd, apache).
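The listening-port check described in the post above, as an added example that is not part of the original thread: a shell function that reads `netstat -tuln` output and keeps only sockets reachable from other hosts, marking whether each port is privileged (below 1024) or one any local user can bind. The function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -tuln` format (not output from the thread).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:8080       0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# exposed_listeners (hypothetical helper): read `netstat -tuln` text on stdin
# and print "<proto> <address> <port> <privileged|unprivileged>" for every
# socket that is not bound to loopback only.
exposed_listeners() {
    awk '
    $1 !~ /^(tcp|udp)6?$/ { next }             # skip the two header lines
    $1 ~ /^tcp/ && $NF != "LISTEN" { next }    # TCP: listening sockets only
    {
        la = $4
        n = match(la, /:[^:]*$/)               # last colon splits addr and port
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1)
        if (addr ~ /^127\./ || addr == "::1") next   # loopback: local only
        kind = (port + 0 < 1024) ? "privileged" : "unprivileged"
        print $1, addr, port, kind
    }'
}

# Run on the constructed sample; on a live system: netstat -tuln | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Anything this prints is what a host firewall set to the external zone would be filtering; the "unprivileged" lines are ports that did not need root to open.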

Thanks for both your inputs,

Very interesting to read! Thanks! My router has a firewall built into it. If I want to host something like a web server I have to make sure the port is open… But still I have SUSE’s firewall and my router's enabled. Double whammy protection. rotfl!

I think unless you install any dodgy software the likeliness of someone compromising your system with openSUSE’s firewall switched off is very small. Even so I still think it's better to keep it on. Do you remember the times when there was no such thing as a firewall? :slight_smile:

The first PC I ever had was a Windows 95 machine with a 133MHz Cyrix CPU or something strange, I only had about 4GB of hard drive space, a tiny amount of RAM… Younger people take everything for granted. :’( I still enjoy SNES games! lol!

4GB of disk? Looxury! I remember when a ST-506 20MB disk was big. (Cue Monty Python theme) :stuck_out_tongue:

I've seen one of those before, but it's way before my time. They had one in the electronics antique section at college and it weighed a ton for a hard drive. Like a big block of metal. :stuck_out_tongue: