openSUSE 11.x firewall settings

sabo007 · February 10, 2014, 2:32pm

Hi,
how can i find out which firewall a opensuse 11.x pc is running and which its settings are?
Iam about to update an old pc but i need to keep its firewall setting (especially its settings for blocked ports).
my linux firewall experience is restricted to shorewall but i think i can handle this problem too.

robin_listas · February 10, 2014, 2:54pm

On 2014-02-10 14:36, sabo007 wrote:
>
> Hi,
> how can i find out which firewall a opensuse 11.x pc is running and
> which its settings are?

It is the file /etc/sysconfig/SuSEfirewall2, unless they did custom
additions.

> Iam about to update an old pc but i need to keep its firewall setting
> (especially its settings for blocked ports).

The openSUSE firewall, called “SuSEfirewal2”, by default closes all
ports to the inside. The configuration is done to open some.

It is just a set of scripts that configures iptables.

–
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

sabo007 · February 10, 2014, 3:39pm

Thanks, it seems that susefirewall 2 is not used:
sudo /sbin/rcSuSEfirewall2 status
says: checking that status of SuSEfirewall2 unused
and
sudo /sbin/SuSEfirewall2 status
says: SuSEfirewall2: SuSEfirewall2 not active

but a quick check with nmaps shows that only the ports 22/tcp, 111/tcp and 631/tcp are open
is it possbile that iptables are used directly? Where could i find those settings?
Maybe i can simply backup them and reuse the same files after upgrading/reinstalling the os

robin_listas · February 10, 2014, 7:34pm

On 2014-02-10 15:46, sabo007 wrote:
>
> Thanks, it seems that susefirewall 2 is not used:
> sudo /sbin/rcSuSEfirewall2 status
> says: checking that status of SuSEfirewall2 unused
> and
> sudo /sbin/SuSEfirewall2 status
> says: SuSEfirewall2: SuSEfirewall2 not active

Oh.

> but a quick check with nmaps shows that only the ports 22/tcp, 111/tcp
> and 631/tcp are open

ssh, sunrpc, ipp

> is it possbile that iptables are used directly?

Possibly.

> Where could i find those
> settings?

That’s above my pay grade

> Maybe i can simply backup them and reuse the same files after
> upgrading/reinstalling the os

Better find out what script/service/whatever is setting up the firewall
rules, and replicate or migrate.

What iptables rules are active is certainly easy to backup to a file
(just I’m not acquainted with it), but maintaining them is not trivial.

–
Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))