[Firewall] some settings
Arno van Amersfoort
arnova at rocky.eld.leidenuniv.nl
Wed Feb 1 09:08:17 CET 2012
On 29-Jan-12 10:09, Jānis wrote:
> I installed yesterday Script V2.01 and today found it is causing huge
> delays in mailserver work (accepting incoming mail) (kernel 3.2.2)
> How can I fine-tune the fw behaviour to avoid such?
Normally this type of problem shouldn't occur when enabling/using my
firewall. I suspect it has to do with one of the kernel/sysctl settings.
Could you inspect your system/kernel/firewall logs for clues?
> Besides, I am starting to get confused over complexity of settings...
> May I ask a very simple question - which variable is responsible for
> allowing certain IP addresses to be allowed to connect to certain ports
> of the host in scope?
You probably want a specific internet host to allow access inbound. For
this case you should use one of the HOST_OPEN_TCP/UDP/IP variables
depending on the protocol you want to allow in.
> As an ordinary user - maybe I can suggest to include in distribution an
> example configuration which can be used just to build a single host
> (server) firewall, without DMZs etc?
Well, it's impossible for us to create examples for every possible
scenario AND to make them in such a way that it's a direct template for
*everyone*. Instead we try to document each feature/setting as well as
possible. And else there's always the FAQ-page on my website and/or the