[ale] Importing iptables rules into SuSEfirewall2?

Raj Wurttemberg rajaw at c64.us
Fri Jun 2 17:08:57 EDT 2017


OK... It was actually fairly simple... I just had to crank up my Google-Fu
level. My iptables file has 200+ rules (crazy government network) so the
manual method James mentioned is not feasible. 

This is all that I really needed to do:

o  Uncommented the "FW_CUSTOMRULES" line in the /etc/sysconfig/SuSEfirewall2
file
	- This points to: /etc/sysconfig/scripts/SuSEfirewall2-custom
o There was only one chain in the iptables file so it was a quick
conversion. i.e.
	-A RH-Firewall-1-INPUT -p tcp ...
	To
	iptables -A INPUT -p tcp ...
o Inserted the updated rules into the SuSEfirewall2-custom file

That's it!

/Raj
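
Added example (not part of Raj's message and not SuSE's own tooling): a shell function that automates the chain conversion described above for a large rules file. It assumes the RHEL file is in iptables-save format; the function names and the sample rules are constructed for illustration. It goes slightly beyond the single-chain case in the post by keeping non-filter tables and by flagging jumps into the old chain instead of rewriting them.

```shell
#!/bin/sh
# convert_rules SRC_CHAIN DST_CHAIN
# Reads an iptables-save style rules file on stdin and writes one "iptables"
# command per rule on stdout, with rules for SRC_CHAIN appended to DST_CHAIN.
convert_rules() {
    awk -v src="$1" -v dst="$2" '
        { sub(/^[ \t]+/, "") }                  # tolerate indented lines
        /^#/ || /^$/ { next }                   # comments and blank lines
        /^\*/ { table = substr($0, 2); next }   # "*filter" names the table
        /^:/ || $1 == "COMMIT" { next }         # chain declarations, COMMIT
        $1 == "-A" {
            # A jump into SRC_CHAIN has no meaning once that chain is flattened
            # into DST_CHAIN; leave it as a comment for a human to review.
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == src) {
                    print "# SKIPPED (jump into " src "): " $0
                    next
                }
            if ($2 == src)
                sub(/^-A[ \t]+[^ \t]+/, "-A " dst)
            opt = (table == "" || table == "filter") ? "" : " -t " table
            print "iptables" opt " " $0
            next
        }
        { print "# UNCONVERTED: " $0 }          # anything else: review by hand
    '
}

# Constructed sample in the RHEL /etc/sysconfig/iptables layout (not Raj's rules).
sample_rules() {
    cat <<'EOF'
# Constructed sample rules
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_rules | convert_rules RH-Firewall-1-INPUT INPUT
```

Review every "# SKIPPED" and "# UNCONVERTED" line before pasting the output into the SuSEfirewall2-custom file; the skipped FORWARD jump in the sample means forwarded traffic is no longer filtered by these rules unless that is handled separately.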


-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
Lightner, Jeffrey
Sent: Friday, June 2, 2017 2:23 PM
To: Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] Importing iptables rules into SuSEfirewall2?

Just remember your chains in Suse are apt to be different than those in
RHEL.   You'll likely at least have to modify the "INPUT" or "RH-INPUT"
stuff to whatever the Suse equivalent is.

Running "iptables-save >/tmp/suse_rules" ought to show you what rules (and
chains) Suse has already and give you ideas on how to convert your RHEL
rules.

Also not sure if Suse uses firewalld like RHEL7 now does.  If so you'd want
to use the firewall commands for viewing/editing rather than iptables as
using iptables directly can break things set up in firewalld.



-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of James
Taylor
Sent: Friday, June 02, 2017 12:59 PM
To: 'Atlanta Linux Enthusiasts'
Subject: Re: [ale] Importing iptables rules into SuSEfirewall2?

You should be able to add your tables in the SuSEfirewall framework.

Here is the doc. The "Configuring Manually" section may be helpful.

https://www.suse.com/documentation/sles11/book_security/data/sec_fire_suse.html

-jt
 

James Taylor
678-697-9420
james.taylor at eastcobbgroup.com



>>> "Raj Wurttemberg" <rajaw at c64.us> 6/2/2017 12:31 PM >>>
I have an existing RHEL6 environment with a large iptables rules set. I'm
bringing up a few new SuSE 11 sp4 servers (for SAP) and although I see that
the SuSE servers have iptables installed they don't appear to read the
iptables rules file in /etc/sysconfig like the RHEL servers.    Can I have
SuSEfirewall read the iptables rules or do I have to convert the iptables
rules into SuSEfirewall formatted rules?  

 

Thanks,

/Raj

 





_______________________________________________
Ale mailing list
Ale at ale.org
http://mail.ale.org/mailman/listinfo/ale
See JOBS, ANNOUNCE and SCHOOLS lists at
http://mail.ale.org/mailman/listinfo
