SuSEfirewall: odd situation

[steeles]

I am replacing an old firewall server which is running SuSe 9.2 with a new firewall server (SuSE 10.2), all the configuration are the same, basically I copy susefirewall2 over, which contains all config of firewall.

port 22 was open, so I can do "scp", now it gets blocked? is there any new rule from 10.2?

[framp]

I have 9.3 on my firewall and 10.2 on my desktop. I queried the SuSEfirewall2 versions and got

Code:

gateway:~ # rpm -qa | grep SuSEfirewall2
SuSEfirewall2-3.3-18.2
obelix:~ # rpm -qa | grep SuSEfirewall2
SuSEfirewall2-3.5_SVNr159-4
obelix:~ #

So there are different versions and I expect there are changes in the configuration. So you have to go step by step through your old 9.2 config and update the new 10.2 config accordingly. But that's what I would do in any case to have the sensible firewall settings under control and to make sure the firewall is well configured.

[steeles]

Thanks for the tip.

The new SuSEfirewall2 can read all configuration from old version, and there is a little grammar change, but I think the rule stay unchanged, and for lower level, it is also using IPTABLES to restrict traffic.

Will it be SSHD configuration issue?

[framp]

... but I think the rule stay unchanged...

You have to compare the generated iptables rules to know for sure whether this statment is true

Did you check /var/log/firewall for error messages for port 22? They might help to solve the problem.