* John Andersen <[EMAIL PROTECTED]> [03-02-07 21:22]:
[...]
> I'm suddenly reminded why Shorewall is a much better firewall than
> Suse's firewall. I can't find anywhere in yast to enter a blacklist ip.

add to /etc/sysconfig/SuSEfirewall2:

    FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

edit /etc/sysconfig/scripts/SuSEfirewall2-custom as below:

    fw_custom_after_antispoofing() { # could also be named "before_port_splitting()"
        # these rules will be loaded after the anti-spoofing and icmp handling
        # but before any IP protocol or TCP/UDP port allow/protection rules
        # will be set.
        # You can use this hook to allow/deny certain IP protocols or TCP/UDP
        # ports before the SuSEfirewall2 generated rules are hit.

        ####pat added per Ulf Rasch <[EMAIL PROTECTED]>
        ####X-Mailinglist: suse-linux-e
        ####X-Message-Number-for-archive: 251791
        ####10-29-2005
        iptables -I INPUT 1 -s 66.77.136.123 -j DROP
        iptables -I INPUT 1 -s 70.88.86.57 -j DROP
    }

The last two 'iptables .... DROP' lines were added to refuse access to
66.77.136.123 and 70.88.86.57
--
Patrick Shanahan Registered Linux User #207535
http://wahoo.no-ip.org @ http://counter.li.org
HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
OpenSUSE Linux http://en.opensuse.org/
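
Added example, not part of the message above: a version of the custom hook that reads addresses from a file and validates each one before it reaches iptables, instead of hard-coding one rule per address. The blacklist file path, the IPTABLES dry-run variable and the helper function names are assumptions; the hook name and the rule form are the ones shown in the message.

```shell
# Added example for /etc/sysconfig/scripts/SuSEfirewall2-custom.
# Assumed names (not from the post): BLACKLIST_FILE, IPTABLES, helper functions.
BLACKLIST_FILE=${BLACKLIST_FILE:-/etc/sysconfig/scripts/blacklist.txt}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# The body is a subshell, so the IFS change does not leak into the caller.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# blacklist_apply: read entries on stdin, one per line ("#" starts a comment),
# and insert a DROP rule for each valid address. Invalid entries are reported
# on stderr and never reach iptables. IPTABLES="echo iptables" gives a dry run.
blacklist_apply() {
    while read -r _entry _rest || [ -n "$_entry" ]; do
        case "$_entry" in ''|'#'*) continue ;; esac
        if is_ipv4 "$_entry"; then
            ${IPTABLES:-iptables} -I INPUT 1 -s "$_entry" -j DROP
        else
            printf 'blacklist: skipping invalid entry: %s\n' "$_entry" >&2
        fi
    done
}

# Constructed sample input (documentation address ranges) for a dry run:
#   sample_blacklist | IPTABLES="echo iptables" blacklist_apply
sample_blacklist() {
    cat <<'EOF'
# one address per line
192.0.2.15
198.51.100.7   # trailing comment is ignored
203.0.113.999
192.0.2.1; reboot
EOF
}

# Hook called by SuSEfirewall2 once FW_CUSTOMRULES points at this file.
fw_custom_after_antispoofing() {
    [ -r "$BLACKLIST_FILE" ] && blacklist_apply < "$BLACKLIST_FILE"
    true
}
```

Because the file's contents end up on a command line that runs as root, the blacklist file should be writable by root only.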