SuSEfirewall2

Hi there,

i really don’t enjoy yast and the way it handles the firewall in the gui enviroment. is there a way to properly get rid of it, i only want to manipulate the firewall through the bash.

another thing is, how can i safely or properly remove SuSEfirewall2, install latest iptables version and apply the arno’s iptables script?

Iv noticed that inside the file “/etc/sysconfig/susefirewall2” it says that " it looks like a shell script and is parsed by a shell script but it actually is not a shell script itself."

im used to arno’s script so i find it more simple to manipulate, i know that maybe im simply not use to suse but, i like the script.

any help or thoughts would be appreciated.

i really don’t enjoy yast and the way it handles the firewall in the gui enviroment.

You can directly edit the configuration file /etc/sysconfig/SuSEfirewall2 with your favourite editor and then restart with ‘rcSuSEfirewall2 restart’ as user root. Completely replacing it by something else is probably not a very good idea, unless you really know what you are doing. It will break a lot of functionality in yast.

Once the firewall is set up it’s not something which is going to change very often. Do you have any special reason why the standard settings are not sufficient for your purpose?

first thank you for the reply vodoo.

to tell you the truth im not really used to work with suse, im more confortable with redhat/centos/fedora and debian/ubuntu which obviously have other package manager. with these different (not so different) distros as soon as i install them on any computer the first thing i do is to put arno’s iptables script running which is very powerfull cutting edge security script (you should try it if you never did), and the main thing is i can just create custom rules with ease just by editing couple of files. with yast things are not working properly for me, i recon that i should read a bit more about the proper way to configure susefirewall because in the end they all rely in iptables so they all are basicaly the same. i feel more confortable editing files because i can see what i am doing and what i am really changing but not with yast. had some problems setting up samba permissions yesterday at work so i guess i stressed up with it.

you are true when you say we shouldn’t just remove it like that and that’s the reason of my thread, maybe i would like to know how to customise suse a little bit, fpr testing and so i can think a way to shapeshift my suse security config :slight_smile:

btw, check it out: Arno’s projects

don’t forget to check the “SmartBackup” script to, its **** useful :smiley:

On 2010-10-02 00:36, phantom74 wrote:

> the same. i feel more confortable editing files because i can see what i
> am doing and what i am really changing but not with yast. had some
> problems setting up samba permissions yesterday at work so i guess i
> stressed up with it.

Editing files? I simply edit “/etc/sysconfig/susefirewall2”, I don’t use YaST to setup the firewall.

If you want to remove it, don’t: simply disable it.

Telcontar:~ # ls /etc/init.d/ | grep -i firewall
SuSEfirewall2_init
SuSEfirewall2_setup

Just disable those two services, using chkconfig. Just make sure that what you use to replace it
with is does a good job and doesn’t break something that relies in the susefirewall.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)