OpenSUSE Network :: How To Block An Outgoing Firewall
Mar 11, 2011
How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
As too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.
I open this thread after an unsuccessful long search over the Web. Essentially what I want is to block the outgoing connection of a program. All I know about this program is its name and so I don't have any information regarding the ports it utilizes or the address it may contact.
I just set up a new router for our home office. I've enabled traffic logging, and I'd like to have the logs emailed to me. However, in order to configure email-notification, the router needs and outgoing mail server. Forgive me, but I don't really understand the terminology being used here. I've googled this a bit, but I'm not sure I now what "outgoing" vs "incoming" mean in the context. I tried using my gmail account as the outgoing mail server (smpt.gmail.com) but it requires TTLS encryption, and there's no option for that on my router.
So I figured I'd setup a simple mail server on my local network. I have a dedicated server machine, so I'd just configure a mail server there. But I got stumped at the first input box (in the yast module):"Outgoing Mail Server".That's what I wanted to use this server for. What is this "outgoing mail server"? I understand it in a normal emai context (I think) but this is confusing me. I've read through the HowTo on the openSUSE wiki, but it still doesn't answer this question.Isn't there some way to have a simple, local mail server (without MX records and the like) so I can send email from a local machine?
My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
There is a big problem with opensuse 11.4 and virtual interfaces.Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used.Now there seems to be sent by the last interface listed with ifconfig.The outgoing address in this case will be 10.0.0.3.This is very problematic with smtp control etc.
I want some advice for making my system more secure. I want deactivate any network connection that is unnecessary. Only my browser and the update ability of zypper should have access to the internet. On windows there are personal firewalls.
How can I block internetaccess for all other programmes on openSUSE?
Samba is working correctly if Susefirewall2 is off. I have added Samba client and Samba Services for extern access but samba is not working when firewall is now on. Which services should I also add ?
I am trying to add a custom allow rule in the firewall for a range of IPs from 74.201.102.0 - 74.201.103.255, what exactly am I supposed to enter in the source box? I believe I have to add two separate rules for 102 and 103, and I put /24 at the end of both, is this correct to get the whole range of IPs?
1. Under openSUSE 11.2, I allowed printer sharing through CUPS by setting the Firewall to Allow Services of CUPS in the External Zone section. I don't see the CUPS option in the Allow Services of the Firewall under 11.4, any zone. Is my system missing something?2. If I turn off the Firewall, the client computer can see the printers, even get the broadcasted names. If I put port 631 in TCP of the Advanced setting of the External Zone, the client computer can see the printer too, but I know I read somewhere that putting 631 in the External Zone is basically allowing printer requests from the entire internet.
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
switched recently to 11.2 and it works fine for me as workstation I want to set up a router separating a part of the network and also acting as a firewall/proxy... Configured 2 Ethernet Interfaces, checked Ip forwarding in Yast but it does not forward the packets from the "internal" to the "external" network. Hovewer after I set up my router as default for machines on internal network I can ping the external interface but no adress on external network (particularly the one of the default router) !!! From the router I can reach both networks and the net via default gateway on external. Tried to:
a) switch firewall completely off b) iptables -P FORWARD ACCEPT c) masquarading internal adresses to the external network
my interfaces configuration looks like: eth0 Link encap:Ethernet HWaddr 00:13:D4:E3:A2:7B inet addr:192.168.1.34 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::213:d4ff:fee3:a27b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
We have reason to ask this of you following some strange firewall behaviour - But don't panic If you use openSUSE 11.2 and you think: Your Firewall should be running You are not sure but think it should be check and report back here.
I'm trying to get OpenMPI (a parallel programming library) working on my home system. I have just two machines on it now, t61 and quad, connected through a router. (Which is also connected to cable modem for internet.) I can ssh between the machnes, mount directories with NFS, etc. However, I just can't get the OpenMPI to run. The OpenMPI message board suggested that the most probable cause is that the firewall is blocking TCP. I don't know how to tell if that's the problem, and can't find any manual for the SuSE firewall, while the various Wikis &c that pop up in a search don't provide any information that addresses my problem.
SuSE 10.0 X86 32 acting as my internet gateway and firewall.
eth0 is my internal interface network 192.168.0.0/24 IP 192.168.0.254 dsl0 is my internet connection and is a single ip PtP connection to my ISP.
My internal network is masquaraded onto the external network.
I run an smtp server on my gateway box that I need to be accessable to both the internal and external networks.
However I want to prevent machines on the internal network from establishing connections to external smtp servers, but still alow them to connect to the smtp server on the gateway to send email.
NOTE I do not want to force attempts to connect to [URL] 25 to be re-directed to my internal server I just want to drop or reject the connection.
The firewall up until now has just been configured through YaST, but am not afraid to edit script files if needed
The reason for doing this it to prevent spambots from being able to send through my isp, I keep my own machines clean but sometimes get asked to disinfect machines for other people (family members etc), where I need to connect to the outside world to get updates/virus defs etc, but don't want them spamming from my network.
can I deny the access to my server for a specific OS? I have one PC which I want to give it acces from winxp, but if it's boot into ubuntu I want to deny all access to my server, same IP, same ethernet card
I've setup vnc over ssh tunnelling however the Suse firewall seems to be blocking it. On the local host I have this in ~/.ssh/config:LocalForward localhost:5900 remotehost.com:5900 The problem is that this only works when I either disable the firewall or add an exception for VNC. Both of these actions defeat the whole purpose of ssh tunnelling since they leave my VNC port open to the outside world (very insecure).
I'm in the situation where I'm trying to create 2 private networks using ESX server, all behind a NAT router (static ips are used). I used an openSuse11 vm as a router and was able to configure it so that a machine on one private network was able to access the public network. The problem I have now it that I need to be able to access a machine on the private network from the public network using a different set of IP's.
So if a machine in the private network has an IP of 10.1.0.222 I should be able to ping it using 10.99.0.222 or some other IP. I have never done this before and after reading up on iptables and linux routing I feel more confused than before. Is it possible to add IPs to eth0 (public) and have them mapped to machines on a private network eth1 or eth
I'm looking forward to the release of openSUSE 11.4, which I'm looking to install as an Internet facing gateway on a mini-ITX machine with 2 Ethernet cards. As such I've been reading up on the YaST Firewall trying to find out to configure it, and there's one thing I'd like to be able to do: 'stealth' all the firewall ports.
In other words, if someone were to hypothetically do a port scan of my external IP address, I would rather they not know whether any of the ports on my gateway are open or closed, so instead of replying with the status of those ports the packets get dropped. I've been able to do this with a product called Astaro Security Gateway, which I currently have installed on a second hand Dell Optiplex machine, but I am now looking into the possibility of installing this as a virtual machine inside an openSUSE 11.4 host (extra level of security) and would like the same functionality for the host OS.
I have done a new install of 11.4 and as with previous versions, I have to go to YAST2 and disable the firewall before I have internet and local network access. Finally I must find out how to do this correctly.
How to I change the default firewall to allow me internet and local network access without disabling it completely? Also I am unclear about the function of Novel Network Armor? What does this do?
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?
Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.
