And another little buglet: When adding rules, you can’t put anything in the “Comment” field, or you’ll get a:
/*
Flushing firewall rules: [[ OK ]]
Setting chains to policy ACCEPT: nat mangle filter [[ OK ]]
Unloading iptables modules: [[ OK ]]
Applying iptables firewall rules: iptables-restore v1.2.11: Couldn’t load match `comment’:/lib/iptables/libipt_comment.so: cannot open shared object file: No such file or directory
Error occurred at line: 22
Try `iptables-restore -h’ or ‘iptables-restore --help’ for more information.
[[FAILED]]
*/
Yes, I’m working on adding firewall configuration to the installer. It’s just not easily abstracted out, since SUSE uses a completely different configuration file than everyone else. But I expect the next release of the virtualmin-base will handle the Red Hat based systems, and I’ll work on SUSE whenever I get a chance.
I haven’t seen the comment issue before. I’m certain the default configuration has the comment syntax right on my systems, but maybe something broke in the latest version or two of Webmin.
You’re quite right and the example firewall rules I posted in another thread William started cover UDP*. Though apparently there can also be TCP traffic known as DNS/TCP, so I always open it up–and I do find that it gets hit on every server I have that provides DNS service. I have no idea if my DNS servers actually provide TCP DNS service…but I do see TCP traffic.
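For the `comment` match failure reported at the top of the thread, the following is an added example (not code from the thread, Webmin or Virtualmin) that rewrites a saved ruleset so it loads on a host without `libipt_comment.so`. It assumes the rules are in `iptables-save` format and that `iptables-restore` ignores lines starting with `#`; the function name and the sample ruleset are constructed for illustration.

```python
import re

# Matches ' -m comment --comment "text"' (or an unquoted single word) inside a rule.
COMMENT_MATCH = re.compile(
    r'\s+(?:-m|--match)\s+comment\s+--comment\s+("(?:[^"\\]|\\.)*"|\S+)'
)

# Constructed sample ruleset in iptables-save format (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 53 -m comment --comment "DNS over UDP" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m comment --comment "DNS over TCP" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def strip_comment_matches(ruleset):
    """Return (cleaned_ruleset, removed_count).

    Each '-m comment --comment ...' match is removed from its rule and the
    note is kept as a '#' line above the rule, so the annotation survives
    without requiring the comment match module at load time. The rest of
    every rule is left byte-for-byte unchanged.
    """
    out = []
    removed = 0
    for line in ruleset.splitlines():
        if line.startswith("-"):  # rule lines, e.g. "-A INPUT ..."
            notes = []

            def _drop(match):
                notes.append(match.group(1).strip('"'))
                return ""

            line_without = COMMENT_MATCH.sub(_drop, line)
            out.extend("# " + note for note in notes)
            removed += len(notes)
            line = line_without
        out.append(line)
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    cleaned, count = strip_comment_matches(SAMPLE_RULES)
    print(cleaned, end="")
    print("removed %d comment match(es)" % count)
```
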