SDB:Firewall Activation



Version: 8.1

Situation

You want to activate the personal firewall.

Procedure

Preliminary remark: Note that pico, the editor used in this article, is only available in standard installations.

To activate the personal firewall you only have to perform the three steps described in the following lines (as root user).

To log in as root, start a text console (icon of monitor with shell in the quick start bar) and enter:

su -

Then you are prompted to enter the root password.

Note that no output (asterisks or similar) is displayed on the screen while the password is entered.

1. The first step consists of inserting the device used for the Internet connection in the following line of the file personal-firewall:

REJECT_ALL_INCOMING_CONNECTIONS=""

To do this, change to the directory /etc/sysconfig/:

cd /etc/sysconfig

and open the file personal-firewall with the editor pico:

pico personal-firewall

Then insert one of the following entries in the line REJECT_ALL_INCOMING_CONNECTIONS="":

ipppX in case you use ISDN

pppX if you use DSL or a modem

X must be replaced with the corresponding device number, for example, 0 (zero) for the first device.

Once the file has been edited, press F2 and then y to save the changes, and hit Enter to exit the editor.

2. The second step consists of editing one of the ifcfg files in the directory /etc/sysconfig/network.

To do this, change to the directory network:

cd network

and use the command ls -l to display the files located in this directory:

ls -l

The output should be similar to:

router:/etc/sysconfig/network # ls -l
total 37
drwxr-xr-x    4 root     root          328 Jul 28 18:49 .
drwxr-xr-x    4 root     root          880 Sep 22 21:10 ..
-rw-r--r--    1 root     root         3844 Apr 22  2002 config
-rw-r--r--    1 root     root         4998 Jul 28 18:49 dhcp
-rw-r--r--    1 root     root           74 Jul 28 18:15 ifcfg-dsl0
-rw-r--r--    1 root     root          181 Aug 18 12:43 ifcfg-eth0
-rw-r--r--    1 root     root           96 Apr 22  2002 ifcfg-lo
-rw-r--r--    1 root     root         3334 Apr 22  2002 ifcfg.template
drwx------    2 root     root           80 Apr 22  2002 providers
drwxr-xr-x    2 root     root          568 Jul 28 18:48 scripts
-rw-r--r--    1 root     root         1139 Jul 28 18:49 wireless

In case you use DSL, the name of the file for the first DSL device is ifcfg-dsl0.

As for ISDN, the name of the file for the first ISDN device is ifcfg-ippp0.

Insert the line:

FIREWALL="YES"

in the ifcfg file applicable in your case.

To do this, open the relevant file with the editor pico. The following example assumes the use of a DSL connection:

pico ifcfg-dsl0

The file content should be similar to:

DEVICE="eth0"
PPPMODE="pppoe"
PROVIDER="dsl-provider0"
STARTMODE="onboot"

Now enter the line:

FIREWALL="YES"

After inserting the line, the file should look like this:

DEVICE="eth0"
PPPMODE="pppoe"
PROVIDER="dsl-provider0"
STARTMODE="onboot"
FIREWALL="YES"

Once the file has been edited, press F2 and then y to save the changes, and hit Enter to exit the editor.

3. In the third step, the following commands must be executed after having edited the files:

insserv SuSEfirewall2_init
insserv SuSEfirewall2_setup
insserv SuSEfirewall2_final

By doing this, the personal firewall will be activated the next time the system starts. If you want to activate the firewall straight away without having to restart, enter the command:

SuSEfirewall2
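The following script is an added example, not part of the original article: it checks, without changing anything, that the edits from steps 1 and 2 are in place before you run the insserv commands. The function names get_var and check_personal_firewall are hypothetical, the files are assumed to contain plain NAME="value" lines, and the sample tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: read-only check of the edits made in steps 1 and 2.

# get_var FILE NAME -> prints the value of the last NAME=... line in FILE.
# The file is parsed with sed, not sourced, so nothing in it is executed.
get_var() {
    sed -n "/^[[:space:]]*$2=/{s/^[^=]*=//;s/[\"']//g;s/[[:space:]]*#.*//;s/[[:space:]]*\$//;p;}" \
        "$1" 2>/dev/null | tail -n 1
}

# check_personal_firewall SYSCONFIG_DIR IFCFG_NAME
# Returns 0 when both edits are present, 1 otherwise; problems go to stderr.
check_personal_firewall() {
    dir=$1; ifcfg=$2; rc=0; found=0
    devs=$(get_var "$dir/personal-firewall" REJECT_ALL_INCOMING_CONNECTIONS)
    for d in $devs; do
        case $d in
            ppp[0-9]*|ippp[0-9]*) found=1 ;;   # pppX (DSL/modem) or ipppX (ISDN)
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "personal-firewall: no pppX/ipppX device in REJECT_ALL_INCOMING_CONNECTIONS" >&2
        rc=1
    fi
    fw=$(get_var "$dir/network/$ifcfg" FIREWALL)
    if [ "$fw" != "YES" ]; then
        echo "$ifcfg: FIREWALL is '$fw', expected YES" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample tree (not a real system). On a real host, call
# check_personal_firewall /etc/sysconfig ifcfg-dsl0 instead.
demo=$(mktemp -d)
mkdir -p "$demo/network"
echo 'REJECT_ALL_INCOMING_CONNECTIONS="ppp0"' > "$demo/personal-firewall"
printf '%s\n' 'DEVICE="eth0"' 'PPPMODE="pppoe"' 'PROVIDER="dsl-provider0"' \
    'STARTMODE="onboot"' > "$demo/network/ifcfg-dsl0"

# Step 1 done, step 2 missing: the check reports the ifcfg file.
check_personal_firewall "$demo" ifcfg-dsl0 || echo "step 2 not done yet"

# After adding the FIREWALL line the check passes.
echo 'FIREWALL="YES"' >> "$demo/network/ifcfg-dsl0"
check_personal_firewall "$demo" ifcfg-dsl0 && echo "both edits present"
rm -rf "$demo"
```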

Background:

Version 8.1 includes only one firewall package (SuSEfirewall2) with two configuration files:

/etc/sysconfig/personal-firewall
/etc/sysconfig/SuSEfirewall2

SuSEfirewall2 will be activated if entries are inserted in the file SuSEfirewall2 and the file personal-firewall remains empty.

If, on the other hand, entries are inserted in the file personal-firewall, SuSEfirewall2 will be disabled and the personal firewall will be activated, thus overwriting the SuSEfirewall2 configuration.

In addition, if you want to connect clients from your LAN to the Internet, the value masq must be entered in the file /etc/sysconfig/personal-firewall. This procedure is described in the article:

SDB:ISDN Gateway for Private Networks in SuSE Linux 8.0 or Higher

Please note that the configuration of SuSEfirewall2 exceeds the scope of both the free installation support and the Advanced Support.