Join Chaim Krause for an in-depth discussion in this video, Set up SuSEfirewall2, part of SUSE Linux Enterprise Server Essential Training.
- Firewalls are a very important topic. Servers serve a special purpose, and that is to make services available to other users, so you can't isolate your server; you have to make it available, but at the same time you have to protect it. This course is not about firewalls, so we're not going to go into great detail, but what I am going to show you is how to implement the details of a firewall in SUSE Linux Enterprise Server 12. There is a nice tool to be used in YaST, and it is towards the bottom and it's simply titled "Firewall" so I'm going to use that.
The first thing it asks you about is startup: do you want to enable the firewall automatically on boot and, also, do you want to start it now? So I'm going to say go ahead and enable this when it starts and the next thing we have to do is take a look at our interfaces. I've created three here so we can have one of each kind. If we take ethernet zero, I can make this internal. If I take ethernet one, I'm going to make this DMZ, and for our final interface, I'm going to make the external.
Now, services, we need to make services available. If you go to the internal zone, you'll see that everything is allowed by default. It's very unlikely that you would have a need to change that. If we want to make things available externally, we pick the service that we want to make available, let's say our web server, and click on "Add." We can do the same thing for multiples, so let's choose HTTPS and add that as well.
So now those ports would be opened up on our external zone. Next is Masquerading. There are two things that you take care of in this panel: one is dynamic NAT for taking your clients and routing them outbound, and for that, it's as simple as clicking on Masquerade Networks, that's all you need to do, and now your outbound NATing is handled for you. The other portion here is for doing port forwarding.
So you can add a port to forward by choosing the source network and the protocol. If you don't put in the requested IP, it's going to take it for the interface. For requested port, I'm going to say 80 for our Web server. I can redirect that to an internal IP and a port. So maybe I've got a Web server on that machine that is on a nonstandard port. I can map the port 80 externally to the port 80 internally.
And here on the broadcast tab, you can set up for firewall configurations for broadcasting. It's rare to do, so we're not going to look at specifics here, but this is where you would do it. Logging levels, probably for production, you only want to log critical, but if you're doing some kind of troubleshooting or you're doing some pen testing, then you can crank this up to get more detail. Custom Rules is for anything that doesn't fit in any of the other tabs.
We'll go ahead and we'll click next and we'll get a summary of what it's going to do when we click Finish. It configured it, and now let's open this up again, and we can see that the firewall has been enabled, and if we want to make further changes, we can, and then click on the button for Save Settings and restart firewall. So that's where you configure firewalls for SUSE Linux Enterprise Server 12.
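
The settings made in the YaST dialog above end up as `FW_*` variables in `/etc/sysconfig/SuSEfirewall2`, so the result can be reviewed from the shell. The script below is an added example, not part of the course or of SUSE's tooling: it parses such a file and reports the zones, externally opened services, masquerading and port forwards. The sample configuration and its addresses are constructed, and the function names `fw_get` and `fw_findings` are hypothetical.

```shell
#!/bin/sh
# Added example: summarize what a SuSEfirewall2 sysconfig file exposes.
# SAMPLE_CONF is constructed for illustration; its addresses are placeholders.
SAMPLE_CONF='FW_DEV_INT="eth0"
FW_DEV_DMZ="eth1"
FW_DEV_EXT="eth2"
FW_PROTECT_FROM_INT="no"
FW_CONFIGURATIONS_EXT="apache2 apache2-ssl"
FW_SERVICES_EXT_TCP=""
FW_MASQUERADE="yes"
FW_MASQ_NETS="0/0"
FW_FORWARD_MASQ="0/0,192.0.2.10,tcp,80,8080"
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"'

# fw_get VAR FILE: print the last VAR="..." value by parsing, not sourcing, FILE.
fw_get() {
    sed -n "s/^$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$2" | tail -n 1
}

# fw_findings FILE: one line per setting the YaST walkthrough touches.
fw_findings() {
    f=$1
    for zone in INT DMZ EXT; do
        echo "zone $zone: interfaces=[$(fw_get "FW_DEV_$zone" "$f")]"
    done
    [ "$(fw_get FW_PROTECT_FROM_INT "$f")" = "yes" ] ||
        echo "note: internal zone is not filtered (FW_PROTECT_FROM_INT is not yes)"
    echo "external: services=[$(fw_get FW_CONFIGURATIONS_EXT "$f")] tcp=[$(fw_get FW_SERVICES_EXT_TCP "$f")]"
    [ "$(fw_get FW_MASQUERADE "$f")" != "yes" ] ||
        echo "masquerading: on, nets=[$(fw_get FW_MASQ_NETS "$f")]"
    for rule in $(fw_get FW_FORWARD_MASQ "$f"); do
        # Fields: source net, target IP, protocol, requested port, redirect port
        IFS=, read -r src dst proto port redir rest <<EOF
$rule
EOF
        echo "forward: $proto/$port from $src -> $dst:${redir:-$port}"
    done
    [ "$(fw_get FW_LOG_DROP_ALL "$f")" != "yes" ] ||
        echo "note: logging every dropped packet (troubleshooting level)"
}

CONF=$(mktemp)
trap 'rm -f "$CONF"' EXIT
printf '%s\n' "$SAMPLE_CONF" > "$CONF"
fw_findings "$CONF"
```

Pointing `fw_findings` at `/etc/sysconfig/SuSEfirewall2` on the server reviews the live settings instead of the sample.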
- What is SUSE Linux Enterprise?
- Installing SLES
- Linux file types
- Working at the command line
- Managing processes
- Working with background processes
- Managing users and groups
- Changing file permissions
- Configuring network interfaces
- Displaying hardware information
- Managing drivers