[Gllug] SuSEFirewall2

Dylan dylan at dylan.me.uk
Mon Nov 25 16:42:23 UTC 2002


On Monday 25 November 2002 16:26, Sudhir Anand wrote:
> My PC is run on SuSE 8.0.  By default, SuSEFirewall2 is started
> automatically when the PC boots.  YaST2 was used to set up the firewall
> with the intention that the firewall should monitor /dev/ppp0 after an
> internet connection is established.  A 56k external modem is used to
> connect to the internet.
>
> Internet access is not available if the firewall is running before the
> connection is established.  However, if the firewall is activated after the
> connection has been made the internet can be accessed.  Alternatively, I
> have to shut down the firewall and restart it after the connection is
> established.
>
> Does this imply that the firewall is not active while the internet
> connection is running or that this is standard procedure of getting a
> firewall to monitor internet connections? 

The iptables module (which is what SuSEFirewall2 uses) needs to know your IP 
address in order to know which traffic to allow in. Since you have no IP 
address until you make your connection, all the TCP/IP packets are filtered 
out because the firewall doesn't recognise the address. When you restart it, 
it picks up the, now known, IP address, and so allows legitimate traffic.

> Is there a way of setting up the
> firewall so that it does have to be restarted after a connection to the
> internet has been established with a modem?

I figure you can have it (re-)start at a relevant point in your dial-up 
process, but I wouldn't know how (someone else probably will tho...)

Dylan

-- 
"Sweet moderation
Heart of this nation
Desert us not, we are
Between the wars"

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
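
One way to restart the firewall at the relevant point in the dial-up process, as the reply above suggests. This is an added example, not part of the original thread: pppd runs an ip-up script with the interface and addresses as arguments once the link is up. The hook path (for example /etc/ppp/ip-up.local) and the reload command `/sbin/SuSEfirewall2 start` are assumptions that depend on the distribution release.

```shell
#!/bin/sh
# Added example: pppd ip-up hook that reloads the firewall once the link has an address.
# pppd(8) calls ip-up with: $1 interface, $2 tty, $3 speed, $4 local IP, $5 remote IP.
# Assumption: the reload command below; override FW_CMD to match your system.
FW_CMD="${FW_CMD:-/sbin/SuSEfirewall2 start}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Handle one ip-up event. Return codes:
#   0 firewall reloaded, 2 ignored (not a ppp link), 3 bad address, 4 reload failed
ip_up_hook() {
    iface=$1 local_ip=$4
    case "$iface" in
        ppp[0-9]*) ;;
        *) return 2 ;;
    esac
    if ! is_ipv4 "$local_ip"; then
        echo "ip-up: not reloading firewall, bad local address '$local_ip'" >&2
        return 3
    fi
    # A failed reload is reported, so the link is never silently left unfiltered.
    if ! $FW_CMD >/dev/null 2>&1; then
        echo "ip-up: firewall reload FAILED on $iface ($local_ip)" >&2
        return 4
    fi
    echo "ip-up: firewall reloaded for $iface ($local_ip)" >&2
    return 0
}

# Act as the hook only when pppd passes its arguments.
if [ "$#" -ge 4 ]; then
    ip_up_hook "$@"
fi
```
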



