LinuxQuestions.org
02-03-2006, 10:12 PM   #1
sirius57
How to set up suse firewall properly?


I have suse 9.3. Here are my settings:
Internal zone configured - all ports and services open
Demilitarized zone - not set up
External zone - not set up

With the above settings, I guess you could say I have no firewall running. Here is what I want to set up:
Open internal zone with router
Suse and xp boxes on internal lan network
Set up firewall to block malicious traffic from internet.

Is there an easy way to configure suse for the above basic settings?
 
02-04-2006, 02:20 AM   #2
win32sux
doesn't suse come with a nice GUI for firewall configuration??
 
02-04-2006, 07:11 PM   #3
sirius57
Yes, it does have a nice graphical interface. However, I need to know what each zone should be set for and how the firewall works. Example: does it prompt me to allow questionable traffic? Do I get some kind of alert? What about security settings? Does that affect the firewall???? What is the demilitarized zone???? The nice graphical interface does not answer all those questions.
 
02-05-2006, 03:57 AM   #4
win32sux
Quote:
Originally Posted by sirius57
I need to know what each zone should be set for and how the firewall works
well, the GUI is just a front-end for the iptables program, so if you wanna learn how it works then reading-up on iptables will do you lots of good...

as for the zones, well, a very common setup is the one with 3 zones... each zone corresponds to an interface, mind you, so we are talking about a box with 3 network cards in it... typically the zones in such a box are set as:

- External/Internet Zone
- LAN (Local Area Network)
- DMZ (De-Militarized Zone)

in a nutshell, new incoming connections are blocked in the EXT and LAN, while some incoming connections are allowed in the DMZ... the idea being that you don't want anyone on the Internet to be able to connect to anyone in your LAN, but you DO want them to be able to connect to the servers in your DMZ... and that's an important point: DMZs are usually where servers are placed...

since the boxes in the DMZ receive incoming connections from the outside world, they have their own amount of risk and stuff, so by having your servers on a zone SEPARATE from your LAN, you insulate your LAN from problems that might arise in the DMZ... like, say that (for example) a server on your DMZ gets hit by a wicked worm - the worm won't be able to propagate itself to your LAN, cuz it's in a different zone and you've (of course) implemented iptables rules which don't allow servers on the DMZ to be initiating connections to your LAN...

in fact, things like web servers and stuff like that on a DMZ don't even need the ability to establish any connections AT ALL - all connections will be initiated by the clients, which come in through the external/internet interface and get routed to the DMZ... so a cracker who cracks into your web server for example wouldn't be able to use it to connect to the outside world even if he has root access, cuz he still has to deal with the firewall... of course there's always variations and exceptions but you get the point...

Quote:
does it prompt me to allow questionable traffic? Do I get some kind of alert
you mean like zonealarm?? i'm not sure...

what i can tell you is that since it's just a front-end to iptables, it will probably give you the option of logging all unwelcome packets, so yeah, i assume it will give you the ability to see the syslog through the GUI... even if it doesn't, it's easy to look at the /var/log/syslog file on your own...

Quote:
What about security settings? Does that affect the firewall????
not sure what you mean, perhaps it's a suse-specific question, so i'll let someone with suse knowledge answer that...

Quote:
What is the demilitarized zone????
see my description above, and also check this link:

http://en.wikipedia.org/wiki/Demilit...28computing%29

Quote:
The nice graphical interface does not answer all those questions.
that's okay, the nice LQ community does...

Last edited by win32sux; 02-05-2006 at 04:04 AM.
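
The three-zone policy described in the post above, written out as an added example (not code from the thread or from SuSE's firewall): a shell function that emits an `iptables-restore` ruleset. The interface names (eth0 = external, eth1 = LAN, eth2 = DMZ), the published ports and the log prefixes are assumptions, and NAT is left out.

```shell
#!/bin/sh
# Assumed interface-to-zone mapping; override through the environment.
EXT_IF=${EXT_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
DMZ_IF=${DMZ_IF:-eth2}
WEB_PORTS=${WEB_PORTS:-80,443}   # services published from the DMZ (assumed)

# Emit the ruleset in iptables-restore format (lines starting with # are comments).
three_zone_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall box itself accepts loopback traffic and replies only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were already allowed, in any direction.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may open connections to the Internet and to the DMZ.
-A FORWARD -i $LAN_IF -o $EXT_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -m conntrack --ctstate NEW -j ACCEPT
# The Internet may open connections only to the published DMZ services.
-A FORWARD -i $EXT_IF -o $DMZ_IF -p tcp -m multiport --dports $WEB_PORTS -m conntrack --ctstate NEW -j ACCEPT
# Nothing lets the DMZ start a connection, so a compromised server reaches
# neither the LAN nor the Internet: it falls through to LOG and the DROP policy.
-A FORWARD -m limit --limit 5/minute -j LOG --log-prefix "FW-FWD-DROP "
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "FW-IN-DROP "
COMMIT
EOF
}

# Print the ruleset. To check it as root without loading it:
#   three_zone_rules | iptables-restore --test
three_zone_rules
```
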
 
02-05-2006, 02:05 PM   #5
sirius57
Ok, that is the primer that I need. I will read all the references and try to apply what I learn to my system. Is there a malware program that can be recommended to scan for trojans, etc.? A graphical front end would be preferable, but I am also comfortable with the command line. Would tucows be a good source?
 
02-07-2006, 07:20 PM   #6
sirius57
I read the links. My only firewall setting is local area network, since my box is not a server and the router would be the dmz? I enabled the usual protocols like http and https. There is a check box in the firewall gui to 'protect the internal zone'. When I checked it, I could not share files. Does that check box sound like a firewall lock down for the internal zone? If I was to read the system file for traffic, what message would alert me to blocked traffic from the firewall?
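
On the logging of unwelcome packets mentioned earlier in the thread, an added example (not part of any post here) that summarises blocked traffic from kernel log lines written by the iptables LOG target. The log lines are constructed, and the `FW-IN-DROP` prefix is an assumption: the real prefix is whatever the firewall's LOG rules set.

```shell
#!/bin/sh
# Constructed sample lines in the kernel's netfilter LOG format. The prefix
# "FW-IN-DROP" is an assumed --log-prefix value; hosts and MAC are made up.
sample_log() {
cat <<'EOF'
Feb  7 19:01:12 linux kernel: FW-IN-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=101 DF PROTO=TCP SPT=1045 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Feb  7 19:01:15 linux kernel: FW-IN-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=102 DF PROTO=TCP SPT=1045 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Feb  7 19:02:30 linux kernel: FW-IN-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=103 PROTO=UDP SPT=137 DPT=137 LEN=58
Feb  7 19:03:00 linux sshd[2211]: Accepted password for user from 192.168.1.20 port 1050 ssh2
Feb  7 19:05:40 linux kernel: FW-IN-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.1 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5123 SEQ=1
EOF
}

# Read log lines on stdin and print "count source protocol dest-port" for
# every line carrying the given prefix, busiest first. Packets without a
# destination port (ICMP, for example) get "-" in that column.
summarize_drops() {
  awk -v prefix="${1:-FW-IN-DROP}" '
    index($0, prefix) {
      src = proto = dpt = "-"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      n[src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

sample_log | summarize_drops
```

In the sample, the repeated TCP 445 drops from the other LAN host are the kind of entry that would accompany file sharing being blocked.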
 
02-07-2006, 07:59 PM   #7
win32sux
what box are you doing this on?? the router or a client on the LAN??

how many interfaces do you have??
 
02-08-2006, 07:13 PM   #8
sirius57
I am trying to configure a desktop pc (a client on the lan). I am not doing anything to the router. I have a network between two pc boxes, one linux, the other xp via linksys router which is connected to a cable modem.
 
02-09-2006, 11:28 AM   #9
win32sux
well if it's just a client on the LAN and you have a router/firewall for the LAN then you don't really need to set-up any firewall on the client to protect you from the external network...

sorry that i can't be of much assistance with this, as i have no idea how your graphical front-end works or what it's doing... it's best if someone who actually has used the suse firewall jumps in and assists you... good luck...
 
  

