SuSEfirewall2 - Stateful Packet Filter Using iptables and netfilter

Property Value
Distribution openSUSE Leap 42.2
Repository openSUSE Update Oss all
Package name SuSEfirewall2
Package version 3.6.312
Package release 5.9.1
Package architecture noarch
Package type rpm
Installed size 277.00 KB
Download size 69.00 KB
Official Mirror
SuSEfirewall2 implements a packet filter that protects hosts and
routers by limiting which services or networks are accessible on the
host or via the router.
SuSEfirewall2 uses the iptables/netfilter packet filtering
infrastructure to create a flexible rule set for a stateful firewall.


Package Version Architecture Repository
SuSEfirewall2-3.6.312-5.12.1.noarch.rpm 3.6.312 noarch openSUSE Update Oss
SuSEfirewall2-3.6.312-5.6.1.noarch.rpm 3.6.312 noarch openSUSE Update Oss
SuSEfirewall2-3.6.312-5.3.1.noarch.rpm 3.6.312 noarch openSUSE Update Oss
SuSEfirewall2-3.6.312-4.4.noarch.rpm 3.6.312 noarch openSUSE Oss
SuSEfirewall2 - - -


Name Value
/bin/bash -
/bin/sed -
coreutils -
diffutils -
filesystem -
fileutils -
fillup -
grep -
insserv -
iptables -
perl -
perl-Net-DNS -
sed -
sysconfig -
systemd -
textutils -


Name Value
SuSEfirewall2 = 3.6.312-5.9.1
config(SuSEfirewall2) = 3.6.312-5.9.1


Type URL
Binary Package SuSEfirewall2-3.6.312-5.9.1.noarch.rpm
Source Package SuSEfirewall2-3.6.312-5.9.1.src.rpm

Install Howto

Install SuSEfirewall2 rpm package:

# zypper install SuSEfirewall2




2017-10-19 -
- rpcinfo: fixed security issue with too open implicit portmapper rules
(bnc#1064127, CVE-2017-15638): A source net restriction for _rpc_ services
was not taken into account for the implicitly added rules for port 111,
making the portmap service accessible to everyone in the affected zone.
2017-07-28 -
- follow-up bugfix for bnc#946325:
Removed bogus nfs alias units, added correct nfs-client target in
The nfs alias units are false friends, because they don't fix the startup
ordering between nfs and SuSEfirewall2.
The missing nfs-client target could cause nfs mounts for nfs versions < 4.1
to be unable to receive callbacks from the server, when the nfs client was
started before the SuSEfirewall2 was started on boot.
renamed 0007-fix-nfs-server-dependency.patch to
0007-fix-nfs-dependencies.patch to fix both client and server issues
2017-07-25 -
- correct boot order between SuSEfirewall2 and nfs-server to fix bnc#946325,
bsc#963740. Without this fix the NFS server ports might not have been
correctly opened after boot when both SuSEfirewall2 and nfs-server have been
enabled in systemd.
2017-07-17 -
- improve/fix consideration of sysctl values in the system (bnc#1044523).
SuSEfirewall2 will now also check for existing configuration in sysctl.d
style directories in some default locations. Custom directories can be
configured via the new configuration variable FW_SYSCTL_PATHS. This is a
follow-up to (bnc#906136).
2017-03-21 -
- Install symlink to SuSEfirewall2 with the updated SUSE spelling
(bsc#938727, FATE#316521)
- and SuSEfirewall2 have a loop, remove it bsc#961258
- ignore the bootlock when incremental updates for hotplugged or virtual
devices are coming in during boot. This prevents lockups for example when
drbd is used with FW_BOOT_FULL_INIT. (bnc#785299)
- support for IPv6 in FW_TRUSTED_NETS config variable. (bnc#841046)
- don't log dropped broadcast IPv6 broadcast/multicast packets by default to
avoid cluttering the kernel log. (bnc#847193)
- only apply FW_KERNEL_SECURITY proc settings, if not overriden by the
administrator in /etc/sysctl.conf (bnc#906136). This allows you to benefit
from some of the kernel security settings, while overwriting others.
- fixed a race condition in systemd unit files that could cause the
SuSEfirewall2_init unit to sporadically fail, because /tmp was not
there/writable yet. (bnc#1014987)
2014-08-15 -
- hosting moved to
- added a sysvinit -> systemd conversion hack (bnc#891669)
2014-07-31 -
- SuSEfirewall2, ACCEPT from services is a local variable, otherwise
"ACCEPT" would be used a service name (bnc#889406 bnc#889555 bnc#887040)
2014-06-11 -
2014-05-27 -
- Allow incoming DHCPv6 replies, currently unlimited.
- typo fix customary -> custom bnc#835677
2013-12-27 -
- add perl-Net-DNS requires for "SuSEfirewall2 log" (bnc#856705)

See Also

Package Description
SuSEfirewall2-fail2ban-0.9.7-2.3.1.noarch.rpm Files for integrating fail2ban into SuSEfirewall2 via systemd
WindowMaker-applets-1.0.1-4.3.1.x86_64.rpm Window Maker Applets
a52dec-0.7.5+svn613-4.1.x86_64.rpm ATSC A/52 stream decoder library
aaa_base-13.2+git20140911.61c1681-24.3.1.x86_64.rpm openSUSE Base Package
aaa_base-extras-13.2+git20140911.61c1681-24.3.1.x86_64.rpm SUSE Linux Base Package (recommended part)
aaa_base-malloccheck-13.2+git20140911.61c1681-24.3.1.x86_64.rpm SUSE Linux Base Package (malloc checking)
abxtest-0.15.2b-2.1.x86_64.rpm Double-blind ABX comparison testing script
acct-6.6.2-9.3.1.x86_64.rpm User-Specific Process Accounting
acpid-2.0.25-4.1.x86_64.rpm Executes Actions at ACPI Events
agrep-0.8.0_git201402282055-7.3.1.x86_64.rpm Another powerful grep with interesting features
akonadi-4.14.10-6.5.1.x86_64.rpm KDE Resources for PIM Storage Service
akonadi_resources-16.08.2-2.2.1.x86_64.rpm KDE Resources for PIM Storage Service
akonadi_resources-16.08.2-2.5.3.x86_64.rpm KDE Resources for PIM Storage Service
akregator-4.14.10-6.5.1.x86_64.rpm RSS Feed Reader
akregator5-16.08.2-2.2.1.x86_64.rpm RSS Feed Reader