
   alt.os.linux.suse      Suse is actually not that bad      138,051 messages   


   Message 137,591 of 138,051   
   MK to Carlos E.R.   
   Re: How to configure Iptables in OpenSus   
   05 Sep 22 03:11:21   
   
   From: mohanss08@gmail.com   
      
   On Friday, September 2, 2022 at 5:14:10 PM UTC+5:30, Carlos E.R. wrote:   
   > On 2022-09-02 09:35, MK wrote:    
   > > On Friday, September 2, 2022 at 6:04:50 AM UTC+5:30, marrgol wrote:    
   > >> On 01/09/2022 at 23.57, Carlos E.R. wrote:    
   > >>>>> I am using "openSUSE 12.3" and "iptables version : v1.4.16.3"    
   > >>>>>    
   > >>>>> I am trying to enable the iptables rules to allow `22` port for all    
   > >>>>> IPs and `80` & `443` for specific IP addresses with the below commands.    
   > >>>>>    
   > >>>>> 1) iptables -A INPUT -p tcp -s 0/0 --dport 22 -j ACCEPT    
   > >>>>> 2) iptables -A INPUT -p tcp -s 10.11.12.50 --dport 80 -j ACCEPT    
   > >>>>> 3) iptables -A INPUT -p tcp -s 10.11.12.50 --dport 443 -j ACCEPT    
   > >>>>>    
   > >>>>> Then I have restarted the iptables service with below command,    
   > >>>>>    
   > >>>>> service SuSEfirewall2 restart    
   > >>>>    
   > >>>> SuSEfirewall2 keeps its own iptables configuration, so that restart    
   > >>>> removed the rules you'd entered manually with iptables command.    
   > >>>> Use yast to enter your custom rules into the SuSEfirewall2's    
   > >>>> configuration permanently. Or edit /etc/sysconfig/SuSEfirewall2    
   > >>>> file directly.    
   > >>>    
   > >>> The latter. The file contains configuration entries to do exactly what he    
   > >>> tried to do.    
   > >> For simple rules like those above it's certainly simpler and quicker    
   > >> and less error prone to use yast to have them entered into that file    
   > >> -- no need to manually search through the file for which entry to modify    
   > >> and how. Unless someone really wants to… :-)    
   > >>    
   >    
   > >   
   > > Hello Carlos E.R,    
   > >    
   > > That means the commands I have executed are applicable for IPTables and it doesn't have any connection with SuSEfirewall2. Thanks for clarifying me.    
   > >    
   > > Now please let me know in openSUSE which one is better and let me know how do I block IPs and allow access only to specific IPs?    
   > >    
   > > Example:    
   > > I have Jenkins web server (IP - 10.50.60.70) this server SSH port - 22, and 80, 443 should be allowed to specific addresses.    
   > > Let's say (1.10.11.12.50 2.10.11.12.51, 3) 10.11.12.53).    
   > >    
   > > Only above three given IPs should be allowed to access 22, 80 & 443 of Jenkins web server.   
   > As others said, you use YaST.    
   >    
   >    
   > Or, edit /etc/sysconfig/SuSEfirewall2    
   >    
   > FW_TRUSTED_NETS="1.10.11.12.50,tcp,ssh 2.10.11.12.51,tcp,ssh \    
   > 1.10.11.12.50,tcp,http 2.10.11.12.51,tcp,http \    
   > 1.10.11.12.50,tcp,https 2.10.11.12.51,tcp,https \    
   > "    
   >    
   > Then run "SuSEfirewall2" to activate the changes (assuming you have it    
   > active by default already).    
   >    
   > --    
   > Cheers, Carlos.   
      
   Hello Carlos,   
   I have edited the /etc/sysconfig/SuSEfirewall2 file, then added the below content   
      
   FW_TRUSTED_NETS="10.11.12.50,tcp,ssh 10.11.12.51,tcp,ssh \   
   10.11.12.50,tcp,http 10.11.12.51,tcp,http \   
   10.11.12.50,tcp,https 10.11.12.51,tcp,https \   
   "   
   To activate, I executed “SuSEfirewall2” on the terminal. Now (http & https) are   
   working as expected. But (ssh port -22) access works even from IPs other than   
   the ones enabled above.    
      
   Still, am I missing something?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
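
A check worth running against the symptom in the message above, as an added example that is not part of the thread: `FW_TRUSTED_NETS` only adds ACCEPT rules for the listed sources, so a port that is also opened for the whole external zone stays reachable from everywhere. The script assumes the cause lies in `FW_SERVICES_EXT_TCP` or `FW_CONFIGURATIONS_EXT` (two SuSEfirewall2 variables the thread never mentions); `port_of` and `find_open_to_all` are hypothetical helper names, and only exact port matches are compared, not port ranges.

```shell
#!/bin/sh
# Added example (not from the thread): list TCP ports that FW_TRUSTED_NETS
# limits to named sources while another variable opens them to every source.

# Service name -> port, for the three names used in this thread only.
port_of() {
    case "$1" in
        ssh|sshd) echo 22 ;;
        http)     echo 80 ;;
        https)    echo 443 ;;
        *)        echo "$1" ;;
    esac
}

# Usage: find_open_to_all /etc/sysconfig/SuSEfirewall2
# Prints "PORT opened-by VARIABLE" per conflict, nothing when there is none.
find_open_to_all() (
    # Runs in a subshell: the sysconfig file is shell syntax, so it can be
    # sourced without leaking its variables into the caller.
    FW_TRUSTED_NETS='' FW_SERVICES_EXT_TCP='' FW_CONFIGURATIONS_EXT=''
    . "$1" || exit 2

    open=''   # "port=variable" pairs reachable from any external source
    for svc in $FW_SERVICES_EXT_TCP; do
        open="$open $(port_of "$svc")=FW_SERVICES_EXT_TCP"
    done
    for cfg in $FW_CONFIGURATIONS_EXT; do
        # Assumption: only the "sshd" service definition is resolved here.
        if [ "$cfg" = sshd ]; then open="$open 22=FW_CONFIGURATIONS_EXT"; fi
    done

    # Entries are "net[,proto[,port]]"; keep tcp entries that name a port.
    for entry in $FW_TRUSTED_NETS; do
        IFS=, read -r net proto port <<EOF
$entry
EOF
        if [ "$proto" = tcp ] && [ -n "$port" ]; then port_of "$port"; fi
    done | sort -u | while read -r p; do
        for o in $open; do
            if [ "${o%%=*}" = "$p" ]; then echo "$p opened-by ${o#*=}"; fi
        done
    done
)
```

A line such as `22 opened-by FW_SERVICES_EXT_TCP` means the trusted-net entries for that port have no restricting effect until the port is removed from the named variable and `SuSEfirewall2` is run again.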
