On 04/07/2015 12:24 PM, floregs3 wrote:[color=blue]
now I succesfully connect my PC across another one to my Internet Router
and the Internet with iptables.
I created Firewall rules with my SLES GUI, and remove the rules on the
Now on the command line with the command ï¿½iptables -L -v ï¿½line-numbersï¿½
they are already there.[/color]
The SUSE firewall (SuSEfirewall2) is basically a bunch of nice UIs and
configuration logic around NetFilter, which is the Linux firewall
technology controlled by iptables. Configure SuSEfirewal2 means you are
configuring the system firewall permanently, so that settings survive
across reboots. Because SuSEfirewall2 uses NetFilter, you can modify
rules on the fly with iptables and related commands, but those changes are
NOT persistent across reboots unless you make them another way using the
UIs or configuration files (/etc/sysconfig/SuSEfirewall2) available for
If I disable my Ipv4-Forwarding, or my Bridge between my Network Cards
the rules disappear. But if I enable the Forwarding or build my Bridge
again they comes back.[/color]
I’m guessing that the rules are setup specifically for devices that go
away or come back, and so they’re always there, but just not displayed
because the relevant devices (br0, etc.) are not present. This is
probably a Linux NetFilter thing, but I’m just guessing. The other option
is that the rules you are seeing going and coming are default rules that
the system always sets up for devices, which may be the case too.
The removing with the iptables -D option don’t survive a restart.[/color]
True, see first response paragraph above.
But all rules I created now, I can remove with the -D option. How can I
do it for the ï¿½GUI ï¿½ Rulesï¿½?
My second Question is, how can I learn which rules are default after a
new SLES Installation?
Or is there any?[/color]
By default the SLES firewall blocks everything UDP/TCP inbound which is
unsolicited, and allows everything outbound; it also responds to ICMP echo
requests (ping) by default. Other things like forwarding/masquerading are
disabled by default, I believe.
Can I remove all rules, without do my system not working? No other
important services are on the PC.[/color]
If you remove all rules then the system is like any other system with all
rules removed in that it follows the “policy” (default for each table)
which is something you can see via iptables commands and is probably to
block all inbound (as defined above) and allow all outbound.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…