From: robin_listas@es.invalid   
      
   On 2022-09-02 09:35, MK wrote:   
   > On Friday, September 2, 2022 at 6:04:50 AM UTC+5:30, marrgol wrote:   
   >> On 01/09/2022 at 23.57, Carlos E.R. wrote:   
   >>>>> I am using "openSUSE 12.3" and "iptables version : v1.4.16.3"   
   >>>>>   
   >>>>> I am trying to enable the iptables rules to allow `22` port for all   
   >>>>> IPs and `80` & `443` for specific IP addresses with the below commands.   
   >>>>>   
   >>>>> 1)  iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT   
   >>>>> 2) iptables -A INPUT -p tcp -s 10.11.12.50 --dport 80 -j ACCEPT   
   >>>>> 3) iptables -A INPUT -p tcp -s 10.11.12.50 --dport 443 -j ACCEPT   
   >>>>>   
   >>>>> Then i have restarted the iptables service with below command,   
   >>>>>   
   >>>>> service SuSEfirewall2 restart   
   >>>>   
   >>>> SuSEfirewall2 keeps its own iptables configuration, so that restart   
   >>>> removed the rules you'd entered manually with iptables command.   
   >>>> Use yast to enter your custom rules into the SuSEfirewall2's   
   >>>> configuration permanently.  Or edit /etc/sysconfig/SuSEfirewall2   
   >>>> file directly.   
   >>>   
   >>> The later. The file contains configuration entries to do exactly what he   
   >>> tried to do.   
   >> For simple rules like those above it's certainly simpler and quicker   
   >> and less error prone to use yast to have them entered into that file   
   >> -- no need to manually search through the file for which entry to modify   
   >> and how. Unless someone really wants to… :-)   
   >>   
      
   >   
   > Hello Carlos E.R,   
   >   
   > That means the commands i have executed are applicable for IPTables and it   
   doesn't have any connection with SuSEfirewall2. Thanks for clarifying me.   
   >   
   > Now please let me know in Opensuse which one is better and let me know how   
   do i block IPs and allow access only to specific IPs?   
   >   
   > Example:   
   > I have Jenkins web server (IP - 10.50.60.70) this server SSH port - 22, and   
   80, 443 should be allowed to specific addresses.   
   > Lets say (1.10.11.12.50 2.10.11.12.51, 3) 10.11.12.53).   
   >   
   > Only above three given IPs should allowed to access 22, 80 & 443 of Jenkins   
   web server.   
      
   As others said, you use YaST.   
      
      
   Or, edit /etc/sysconfig/SuSEfirewall2   
      
   FW_TRUSTED_NETS="1.10.11.12.50,tcp,ssh  2.10.11.12.51,tcp,ssh   \   
           1.10.11.12.50,tcp,http   2.10.11.12.51,tcp,http          \   
           1.10.11.12.50,tcp,https  2.10.11.12.51,tcp,https         \   
           "   
      
   Then run "SuSEfirewall2" to activate the changes (assuming you have it   
   active by default already).   
      
   --   
   Cheers, Carlos.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)