SLSE 11 SP3 How to Close Firewall

SLSE 11 SP3 How to Close Firewall


there are multiple ways to disable the firewall.

In a terminal run yast firewall if the module is installed. You can check that by running yast -l and see if firewall is listed. If not, run yast without a module and select it in the following screen. Go to “Security and Users” → “Firewall” (right side). There you can configure or disable it according to your requirements.
You have some configuration options available if you run

sles11sp3:~ # SuSEfirewall2 --help

For example:

sles11sp3:~ # SuSEfirewall2 stop SuSEfirewall2: batch committing... SuSEfirewall2: Firewall rules unloaded.

[*]Run commands
Execute this for a list of options:

sles11sp3:~ # rcSuSEfirewall2 --help Usage: /sbin/rcSuSEfirewall2 {start|stop|status|restart|reload|force-reload}

Hi chenguotai,

welcome to the forums.

To actuall close the firewall (in terms of “disable most incoming traffic”), you can call “SuSEfirewall2 close”:

server:~ # SuSEfirewall2 --help
/sbin/SuSEfirewall2 basic|stop|close|status|help
  start       generate and load the firewall filter rules from
  stop        unload all filter rules
  close       no incoming network traffic except bootp+ping (for boot security)
server:~ #

If you need to fully lock up the system, you could instead set firewall rules manually: “iptables -I INPUT -j DROP; iptables -I OUTPUT -j DROP; iptables -I FORWARD -j DROP;”, which would silently drop all packets entering (and destined for) the machine, (originate on and) leave the machine or traverse the machine. If you’d at least let the communication partners know about this fact, use “REJECT” instead of “DROP”, the former is the generally preferred action.

If in doubt, please discuss what you’re trying to achieve with someone experienced on the subject, messing with firewall rules (including locking up the system) will likely have unexpected results for the inexperienced.

With regards,