SuSEfirewall2 and certain domain suffix

Hello!

does anyone know if and how it is possible to allow the access to a certain
port from computers with a certain domain suffix (eg. XYZ.t-ipconnect.de) ?

THX a lot, Felix

In article <3f129b43$0$80167$(E-Mail Removed)>, Hans Wurst wrote:
> does anyone know if and how it is possible to allow the access to a certain
> port from computers with a certain domain suffix (eg. XYZ.t-ipconnect.de) ?

Many (probably MOST) of us here do not use SuSE. I would assume that
SuSEfirewall2 is a frontend for iptables. If so, no, that will not work
as a host specification. See "man iptables" where it explains "-s". Note
therein that you CAN use a network/netmask specification, so if all
*.t-ipconnect.de resolves to a single network, you can do this.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

On 14 Jul 2003, Hans Wurst <(E-Mail Removed)> wrote:
> Hello!
>
> does anyone know if and how it is possible to allow the access to a certain
> port from computers with a certain domain suffix (eg. XYZ.t-ipconnect.de) ?
>
> THX a lot, Felix

As has already been noted, SuSEfirewall2 (iptables) knows nothing about
hostnames.

I used to be able to use /etc/hosts.allow and hosts.deny to limit by hosts
or domains (man 5 hosts_access). Then in SuSE 7.3 that did not seem to
work (at least for ssh which is probably related to ipv6) and I had to use
IP ranges. Now in SuSE 8.2, even IP ranges don't seem to work (or maybe I
don't understand which sshd variant listed in hosts.allow to use) so I
basically put ALL: UNKNOWN in hosts.deny. But my hardware gateway only
lets in ssh, smtp (postfix) and http and ssh requires keys only (passwords
not allowed), so I do not feel too insecure.

--
David Efflandt - All spam ignored http://www.de-srv.com/
http://www.autox.chicago.il.us/ http://www.berniesfloral.net/
http://cgi-help.virtualave.net/ http://hammer.prohosting.com/~cgi-wiz/