SDB:Firewall Activation
Version: 8.1
Situation
You want to activate the personal firewall.
Procedure
Preliminary remark: Note that pico, the editor used in this article, is only available in standard installations.
To activate the personal firewall you only have to perform the three steps described in the following lines (as the root user).
To log in as root, start a text console (icon of monitor with shell in the quick start bar) and enter:
su -
Then you are prompted to enter the root password.
Note that no output (asterisks or similar) is displayed on the screen while the password is entered.
1. The first step consists of inserting the device used for the Internet connection in the following line of the file personal-firewall:
REJECT_ALL_INCOMING_CONNECTIONS=""
To do this, change to the directory /etc/sysconfig/:
cd /etc/sysconfig
and open the file personal-firewall with the editor pico:
pico personal-firewall
Then insert one of the following entries in the line REJECT_ALL_INCOMING_CONNECTIONS="":
ipppX in case you use ISDN
pppX if you use DSL or a modem
X must be replaced with the corresponding device number, for example, 0 (zero) for the first device.
Once the file has been edited, press F2 and then y to save the changes, and hit Enter to exit the editor.
2. The second step consists of editing one of the ifcfg files in the directory /etc/sysconfig/network.
To do this, change to the directory network:
cd network
and use the command ls -l to display the files located in this directory:
ls -l
The output should be similar to:
router:/etc/sysconfig/network # ls -l
total 37
drwxr-xr-x 4 root root  328 Jul 28 18:49 .
drwxr-xr-x 4 root root  880 Sep 22 21:10 ..
-rw-r--r-- 1 root root 3844 Apr 22  2002 config
-rw-r--r-- 1 root root 4998 Jul 28 18:49 dhcp
-rw-r--r-- 1 root root   74 Jul 28 18:15 ifcfg-dsl0
-rw-r--r-- 1 root root  181 Aug 18 12:43 ifcfg-eth0
-rw-r--r-- 1 root root   96 Apr 22  2002 ifcfg-lo
-rw-r--r-- 1 root root 3334 Apr 22  2002 ifcfg.template
drwx------ 2 root root   80 Apr 22  2002 providers
drwxr-xr-x 2 root root  568 Jul 28 18:48 scripts
-rw-r--r-- 1 root root 1139 Jul 28 18:49 wireless
In case you use DSL, the name of the file for the first DSL device is ifcfg-dsl0.
As for ISDN, the name of the file for the first ISDN device is ifcfg-ippp0.
Insert the line:
FIREWALL="YES"
in the ifcfg file applicable in your case.
To do this, open the relevant file with the editor pico. The following example assumes the use of a DSL connection:
pico ifcfg-dsl0
The file content should be similar to:
DEVICE="eth0"
PPPMODE="pppoe"
PROVIDER="dsl-provider0"
STARTMODE="onboot"
Now enter the line:
FIREWALL="YES"
After inserting the line, the file should look like this:
DEVICE="eth0"
PPPMODE="pppoe"
PROVIDER="dsl-provider0"
STARTMODE="onboot"
FIREWALL="YES"
Once the file has been edited, press F2 and then y to save the changes, and hit Enter to exit the editor.
3. In the third step, the following commands must be executed after having edited the files:
insserv SuSEfirewall2_init
insserv SuSEfirewall2_setup
insserv SuSEfirewall2_final
By doing this, the personal firewall will be activated the next time the system starts. If you want to activate the firewall straight away without having to restart, enter the command:
SuSEfirewall2
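The following script is an added example, not part of the original SDB article or of the SuSEfirewall2 package: it checks that the edits from steps 1 and 2 are in place by reading the two files as text. The function names, the temporary sample tree and the restriction to the entry forms named in this article (ipppX, pppX, masq) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the edits from steps 1 and 2 by reading the files as
# text (never sourcing them). Function names here are hypothetical.

# Print the value of VAR="value" (the double-quoted form the article shows).
sysconfig_get() {  # $1=file  $2=variable
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# check_personal_firewall SYSCONFIG_DIR IFCFG_FILE -> 0 if both edits are in place
check_personal_firewall() {
    pf="$1/personal-firewall"; nf="$1/network/$2"; rc=0
    [ -r "$pf" ] && [ -r "$nf" ] || { echo "FAIL: cannot read $pf or $nf"; return 1; }
    devs=$(sysconfig_get "$pf" REJECT_ALL_INCOMING_CONNECTIONS)
    [ -n "$devs" ] || { echo "FAIL: REJECT_ALL_INCOMING_CONNECTIONS is empty"; rc=1; }
    for d in $devs; do
        case $d in
            masq) ;;                                  # LAN clients, see Background
            ippp*|ppp*)                               # ISDN / DSL or modem
                n=${d#ippp}; n=${n#ppp}               # keep only the device number
                case $n in
                    ''|*[!0-9]*) echo "FAIL: '$d' has no device number"; rc=1 ;;
                esac ;;
            *) echo "NOTE: '$d' is not an entry form covered by the article" ;;
        esac
    done
    fw=$(sysconfig_get "$nf" FIREWALL)
    [ "$fw" = "YES" ] || { echo "FAIL: FIREWALL=\"YES\" missing in $nf"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: '$devs' set and FIREWALL=\"YES\" in $2"
    return "$rc"
}

# Constructed sample tree mirroring the DSL example above (not real system files).
make_sample() {  # $1=target dir  $2=value for REJECT_ALL_INCOMING_CONNECTIONS
    mkdir -p "$1/network"
    printf 'REJECT_ALL_INCOMING_CONNECTIONS="%s"\n' "$2" > "$1/personal-firewall"
    printf '%s\n' 'DEVICE="eth0"' 'PPPMODE="pppoe"' 'PROVIDER="dsl-provider0"' \
        'STARTMODE="onboot"' 'FIREWALL="YES"' > "$1/network/ifcfg-dsl0"
}

demo=$(mktemp -d)
make_sample "$demo" "ppp0"
check_personal_firewall "$demo" ifcfg-dsl0    # on a real host: /etc/sysconfig
rm -rf "$demo"
```

An entry such as pppX, where X was never replaced by a device number, is reported as a failure, as is an ifcfg file without the FIREWALL="YES" line.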
Background:
Version 8.1 includes only one firewall package (SuSEfirewall2) with two configuration files:
/etc/sysconfig/personal-firewall
/etc/sysconfig/SuSEfirewall2
SuSEfirewall2 will be activated if entries are inserted in the file SuSEfirewall2 and the file personal-firewall remains empty.
If, on the other hand, entries are inserted in the file personal-firewall, SuSEfirewall2 will be disabled and the personal firewall will be activated, thus overwriting the SuSEfirewall2 configuration.
In addition, if you want to connect clients from your LAN to the Internet, the value masq must be entered in the file /etc/sysconfig/personal-firewall. This procedure is described in the articles:
SDB:ISDN Gateway for Private Networks in SuSE Linux 8.0 or Higher
Please note that the configuration of SuSEfirewall2 exceeds the scope of both the free installation support and the Advanced Support.