Hi Anders, Anders Johansson wrote: > On Friday 27 July 2007 13:29:56 Wolfgang Rosenauer wrote: >> Now I still need to control which traffic is allowed from the inside to >> the internet which was done via FW_MASQ_NETS in SF2. >> Since I want to get rid of a second masquerading, SuSEfirewall has no >> mechanism to control this traffic anymore. > > How about FW_FORWARD, which controls which IP addresses or subnets are > allowed > through, without any masquerading being done
Hmm, somehow I missed this because I've read the sentence "Which services accessed from the internet should be allowed to the # dmz (or internal network - if it is not masqueraded)?" So I always thought it would only work from FW_DEV_EXT to the other interfaces and not the other way round without looking deeper into it. But in fact it seems to be independent from the actual devices. Thanks for the heads up, Wolfgang -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
