Bug 1134793

Summary: Cannot configure ip ranges for port ranges in firewall, masquerade, xinetd
Product: [openSUSE] openSUSE Distribution Reporter: Přemysl Vrba <vrbap>
Component: YaST2Assignee: E-mail List <yast2-maintainers>
Status: RESOLVED INVALID QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None    
Version: Leap 15.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Přemysl Vrba 2019-05-11 07:44:53 UTC 
Hi,

there was a possibility to configure a firewall to allow connections from specified ip ranges to port (service) until opensuse 15.0.
1) Do you mean, it is more safe to allow whole internet to connect to selected ports? Can you implement this into firewall again?
2)Because since opensuse 15.0 there is no support for xinetd, there is no functionality of /etc/hosts.deny /etc/hosts.allow files and services running on openSUSE are visible from whole internet.
3) Missing masquerade settings in yast2-firewall. Is it set up by default? Again, it is big security problem in some causes.

Preema
Comment 1 Ludwig Nussel 2019-05-13 08:11:18 UTC 
YaST only provides basic firewall configuration options nowadays, mostly to serve the needs of other YaST modules. For more advanced options try the firewall-config tool.