SLES 11 SP3 How to Close Firewall
Hi,
there are multiple ways to disable the firewall.
1. YaST
In a terminal run “yast firewall” if the module is installed. You can check that by running “yast -l” and see if firewall is listed. If not, run “yast” without a module and select it in the following screen. Go to “Security and Users” → “Firewall” (right side). There you can configure or disable it according to your requirements.
2. CLI
You have some configuration options available if you run
sles11sp3:~ # SuSEfirewall2 --help
For example:
sles11sp3:~ # SuSEfirewall2 stop
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules unloaded.
3. Run commands
Execute this for a list of options:
sles11sp3:~ # rcSuSEfirewall2 --help
Usage: /sbin/rcSuSEfirewall2 {start|stop|status|restart|reload|force-reload}
Hi chenguotai,
welcome to the forums.
To actually close the firewall (in terms of “disable most incoming traffic”), you can call “SuSEfirewall2 close”:
server:~ # SuSEfirewall2 --help
[...]
/sbin/SuSEfirewall2 basic|stop|close|status|help
[...]
Options:
  start   generate and load the firewall filter rules from
          /etc/sysconfig/SuSEfirewall2
  stop    unload all filter rules
  close   no incoming network traffic except bootp+ping (for boot security)
[...]
server:~ #
If you need to fully lock up the system, you could instead set firewall rules manually: “iptables -I INPUT -j DROP; iptables -I OUTPUT -j DROP; iptables -I FORWARD -j DROP;”, which would silently drop all packets entering (and destined for) the machine, (originate on and) leave the machine or traverse the machine. If you’d at least like to let the communication partners know about this fact, use “REJECT” instead of “DROP”; the former is the generally preferred action.
If in doubt, please discuss what you’re trying to achieve with someone experienced on the subject; messing with firewall rules (including locking up the system) will likely have unexpected results for the inexperienced.
With regards,
J
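
A way to confirm which state the filter table is actually in after any of the commands in this thread, as an added example that is not from either poster. The function name chain_states and both sample rulesets are constructed for illustration, and it assumes an iptables that supports “-S”.

```shell
#!/bin/sh
# Classify each built-in filter chain from `iptables -S` output on stdin.
#   open            policy ACCEPT and no rules in the chain
#   blocked(...)    first rule is an unconditional DROP/REJECT, or policy DROP with no rules
#   filtered        rules exist and have to be read by hand
chain_states() {
    awk '
        $1 == "-P" { policy[$2] = $3; next }
        $1 == "-A" && ($2 in policy) {
            n[$2]++
            # An unconditional rule is exactly: -A CHAIN -j TARGET [target options]
            if (n[$2] == 1 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                first[$2] = $4
        }
        END {
            split("INPUT OUTPUT FORWARD", order, " ")
            for (i = 1; i <= 3; i++) {
                c = order[i]
                if (!(c in policy))                        s = "unknown"
                else if (c in first)                       s = "blocked(" first[c] ")"
                else if (n[c] == 0 && policy[c] == "DROP") s = "blocked(policy)"
                else if (n[c] == 0)                        s = "open"
                else                                       s = "filtered"
                printf "%s=%s\n", c, s
            }
        }'
}

# Constructed sample: assumed shape of an unloaded ruleset (policies ACCEPT, no rules).
SAMPLE_UNLOADED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: the three manual rules from the post, with REJECT used on OUTPUT.
SAMPLE_LOCKED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable'

# Demo on the samples; on a live host run as root: iptables -S | chain_states
printf '%s\n' "$SAMPLE_UNLOADED" | chain_states
printf '%s\n' "$SAMPLE_LOCKED" | chain_states
```

An “open” result on INPUT means the host is accepting everything its services listen for, which is the state to look for after a “stop”.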