
“main” (Installation and Administration) 2004/6/25 13:29 page 651 #677
26
Security in the Network
their port numbers (listed in /etc/services). If you are not going
to use your host as a server, press ‘Next’ to exit this dialog without
making any changes.
Features
Here, select the main features of your firewall:

‘Forward Traffic and Do Masquerading’
Protects hosts in the internal network from the Internet. All
Internet services appear to be used by your firewall, while the
internal hosts remain invisible.

‘Protect from Internal Network’
If enabled, internal hosts can only use the services explicitly
made available to them. Given that services cannot be made
available from these dialogs, disable this option if you want
internal hosts to access the firewall.

‘Protect All Running Services’
Enable this to deny access to the TCP and UDP services of the
firewall from the outside completely. This does not affect the
services explicitly made available in the preceding step.

‘Allow traceroute’
This assists in checking the routing to your firewall.

‘Treat IPsec Data Traffic as Internal’
This tells the firewall to deal with successfully decrypted IPsec
packets as if they were packets coming from the internal
network.

When you have completed the feature configuration, exit this dialog
with ‘Next’.

Logging
Determine the scope of logging for your firewall. Before activating
the ‘Logging options’, consider that these log files produce a large
amount of output. The configuration of the logging function is the
final step of the firewall configuration. Exit the dialog with ‘Next’
and confirm the following message to activate the firewall.

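
The following script is an added example, not part of the original guide or of the SuSEfirewall2 package. It audits a SuSEfirewall2 sysconfig file for the feature choices described above and flags the combination where IPsec traffic is treated as internal while internal hosts are unrestricted. The mapping of dialog options to the FW_* variables is an assumption; confirm the names against the comments in /etc/sysconfig/SuSEfirewall2 on your release.

```shell
# Added example: audit a SuSEfirewall2 sysconfig file for the feature choices above.
# Assumption: the dialog-option-to-variable mapping noted in the comments below.

# fw_get FILE VAR: print the last value assigned to VAR. The file is parsed, not
# sourced, so auditing a copy from another host never executes its contents.
fw_get() {
    awk -v var="$2" '
        $0 ~ "^[ \t]*" var "=" {
            val = $0
            sub(/^[^=]*=/, "", val)       # drop NAME=
            sub(/[ \t]*#.*$/, "", val)    # drop trailing comment
            gsub(/["\047]/, "", val)      # drop double and single quotes
            last = val
        }
        END { printf "%s", last }' "$1"
}

# fw_audit FILE: print findings; return 1 if any WARN was raised.
fw_audit() {
    cfg=$1; rc=0
    is_yes() { [ "$(fw_get "$cfg" "$1")" = "yes" ]; }
    # Forward Traffic and Do Masquerading: masquerading needs forwarding.
    if is_yes FW_MASQUERADE && ! is_yes FW_ROUTE; then
        echo "WARN: FW_MASQUERADE=yes without FW_ROUTE=yes"; rc=1
    fi
    # Protect All Running Services
    if ! is_yes FW_AUTOPROTECT_SERVICES; then
        echo "WARN: auto-protection of running services is off"; rc=1
    fi
    # Treat IPsec Data Traffic as Internal, with Protect from Internal Network off
    if [ "$(fw_get "$cfg" FW_IPSEC_TRUST)" = "int" ] && ! is_yes FW_PROTECT_FROM_INTERNAL; then
        echo "WARN: IPsec peers are internal and internal hosts are unrestricted"; rc=1
    fi
    if is_yes FW_ALLOW_FW_TRACEROUTE; then echo "NOTE: traceroute to the firewall is allowed"; fi
    return $rc
}

# Constructed sample configuration (not taken from the guide).
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_PROTECT_FROM_INTERNAL="no"   # dialog option disabled
FW_AUTOPROTECT_SERVICES="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_IPSEC_TRUST="int"
EOF
fw_audit "$sample" || true
```
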
26.3.5 For More Information
The most up-to-date information and other documentation about the
SuSEfirewall2 package is found in /usr/share/doc/packages/SuSEfirewall2.
The home page of the netfilter and iptables project,
http://www.netfilter.org, provides a large collection of documents
in many languages.
651 SUSE LINUX Enterprise Server