SuSE Linux: Version 8.1
You want to activate the personal firewall.
Preliminary remark: Note that pico
, the editor used in this article, is only available in standard
installations.
To activate the personal firewall you only have to perform the three steps described in the following lines (as root
user).
To login as root, start a text console (icon of monitor with shell in the quick start bar) and enter:
su -Then you are prompted to enter the root password.
Note that no output (asterisks or similar) is displayed on the screen while the password is entered.
1. The first step consists of inserting the device used for the Internet connection in the following line of the file
personal-firewall
:
REJECT_ALL_INCOMING_CONNECTIONS=""
To do this, change to the directory /etc/sysconfig/
:
cd /etc/sysconfigand open the file
personal-firewall
with the editor pico
:
pico personal-firewallThen insert one of the following entries in the line
REJECT_ALL_INCOMING_CONNECTIONS=""
:
ipppX
in case you use ISDN
pppX
if you use DSL or a modem
X must be replaced with the corresponding device number, for example, 0 (zero) for the first device.
Once the file has been edited, press F2
and then y
to save the changes,
and hit Enter
to exit the editor.
2. The second step consists of editing one of the ifcfg
files in the directory /etc/sysconfig/network
.
To do this, change to the directory network
:
cd networkand use the command
ls -l
to display the files located in this directory:
ls -lThe output should be similar to:
router:/etc/sysconfig/network # ls -l total 37 drwxr-xr-x 4 root root 328 Jul 28 18:49 . drwxr-xr-x 4 root root 880 Sep 22 21:10 .. -rw-r--r-- 1 root root 3844 Apr 22 2002 config -rw-r--r-- 1 root root 4998 Jul 28 18:49 dhcp -rw-r--r-- 1 root root 74 Jul 28 18:15 ifcfg-dsl0 -rw-r--r-- 1 root root 181 Aug 18 12:43 ifcfg-eth0 -rw-r--r-- 1 root root 96 Apr 22 2002 ifcfg-lo -rw-r--r-- 1 root root 3334 Apr 22 2002 ifcfg.template drwx------ 2 root root 80 Apr 22 2002 providers drwxr-xr-x 2 root root 568 Jul 28 18:48 scripts -rw-r--r-- 1 root root 1139 Jul 28 18:49 wirelessIn case you use DSL, the name of the file for the first DSL device is
ifcfg-dsl0
.
As for ISDN, the name of the file for the first ISDN device is ifcfg-ippp0
.
Insert the line:
FIREWALL="YES"in the
ifcfg
file applicable in your case.
To do this, open the relevant file with the editor pico
. The following example assumes the use of a DSL
connection:
pico ifcfg-dsl0The file content should be similar to:
DEVICE="eth0" PPPMODE="pppoe" PROVIDER="dsl-provider0" STARTMODE="onboot"Now enter the line:
FIREWALL="YES"
After inserting the line, the file shall look like this:
DEVICE="eth0" PPPMODE="pppoe" PROVIDER="dsl-provider0" STARTMODE="onboot" FIREWALL="YES"Once the file has been edited, press
F2
and then y
to save the changes, and
hit Enter
to exit the editor.
3. In the third step, the following commands must be executed after having edited the files:
insserv SuSEfirewall2_init insserv SuSEfirewall2_setup insserv SuSEfirewall2_finalBy doing this, the personal firewall will be activated the next time the system starts. If you want to activate the firewall straight away without having to restart, enter the command:
SuSEfirewall2
Background:
The version 8.1 includes only one firewall package (SuSEfirewall2) with two configuration files:
/etc/sysconfig/personal-firewall /etc/sysconfig/SuSEfirewall2SuSEfirewall2 will be activated if entries are inserted in the file SuSEfirewall2 and the file personal-firewall remains empty.
If, on the other hand, entries are inserted in the file personal-firewall, SuSEfirewall2 will be disabled and the personal firewall will be activated, thus overwritting the SuSEfirewall2 configuration.
In addition, if you want to connect clients from your LAN to the Internet, the value masq
must be entered
in the file /etc/sysconfig/personal-firewall
. This procedure is described in the articles:
"ISDN Gateway for Private Networks in SuSE Linux 8.0 or Higher" (http://sdb.suse.de/en/sdb/html/isdn_masq80.html)
and
"DSL Gateway for Private Networks in SuSE Linux 8.0 or Higher" (http://sdb.suse.de/en/sdb/html/masq80.html)
Please note that the configuration of SuSEfirewall2 exceeds the scope of both the free installation support and the Advanced Support.