Table of Contents
Advertisement
External Zone
Given that there is no way to control what is happening on the external network,
the host needs to be protected from it. In most cases, the external network is the
Internet, but it could be another insecure network, such as a WLAN.
Internal Zone
This refers to the private network, in most cases the LAN. If the hosts on this net-
work use IP addresses from the private range (see
Routing"
(page 599)), enable network address translation (NAT), so hosts on the
internal network can access the external one.
Demilitarized Zone (DMZ)
While hosts located in this zone can be reached both from the external and the in-
ternal network, they cannot access the internal network themselves. This setup can
be used to put an additional line of defense in front of the internal network, because
the DMZ systems are isolated from the internal network.
Any kind of network traffic not explicitly allowed by the filtering rule set is suppressed
by iptables. Therefore, each of the interfaces with incoming traffic must be placed into
one of the three zones. For each of the zones, define the services or protocols allowed.
The rule set is only applied to packets originating from remote hosts. Locally generated
packets are not captured by the firewall.
The configuration can be performed with YaST (see
Firewall with YaST"
sysconfig/SuSEfirewall2, which is well commented. Additionally, a number
of example scenarios are available in /usr/share/doc/packages/
SuSEfirewall2/EXAMPLES.
39.4.1 Configuring the Firewall with YaST
IMPORTANT: Automatic Firewall Configuration
After the installation, YaST automatically starts a firewall on all configured in-
terfaces. If a server is configured and activated on the system, YaST can modify
the automatically-generated firewall configuration with the options Open Ports
on Selected Interface in Firewall or Open Ports on Firewall in the server configu-
ration modules. Some server module dialogs include a Firewall Details button
(page 737)). It can also be made manually in the file /etc/
Section 30.1.2, "Netmasks and
Section 39.4.1, "Configuring the
Masquerading and Firewalls
737
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
Related Products for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL APPARMOR 2.0.1 - ADMINISTRATION GUIDE 05-2008
- NOVELL EDIRECTORY 8.8 - GUIDE 09-2006
- NOVELL INTELLISYNC MOBILE SUITE 7.0 - SECURE GATEWAY ADMINISTRATOR GUIDE 04-2006
- NOVELL LINUX ENTERPRISE DESKTOP 10 SP1 - START UP GUIDE 03-15-2007
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - LAB GUIDE 01-19-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.2 - ADMINISTRATION GUIDE 09-2007
- NOVELL ZENWORKS LINUX MANAGEMENT 7.2 IR2 - ADMINISTRATION GUIDE 09-25-2008
- NOVELL ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE 02-12-2010
- NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010
- NOVELL ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0 - INTEGRATION AND STREAMING GUIDE 05-07-2010
- NOVELL PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010