Well, you don't have to be an iptables expert to configure the firewall in SuSE. That's the whole point of the SuSEfirewall script.
I have to agree, if you haven't written any iptables rules yourself, the "iptables -L" output is confusing to say the least.
You can configure the firewall in YaST, or edit /etc/sysconfig/SuSEfirewall2 with a text editor.
I've written my own iptables scripts in the past, but I'm glad SuSEfirewall2 does the job too. It never misses anything.
My system sits behind a NAT router, so I only have one interface configured.
Some background on iptables:
How to read the "iptables -L" output:
1. Each incoming and outgoing network packet passes through a number of "chains", or "tables".
(There are different types: nat, filter and mangle. The "filter" type does the firewall work.)
2. Incoming packets start at the "INPUT" chain, outgoing packets at the "OUTPUT" chain.
3. The packet is checked against the rules in order until one matches.
4. Finally, the packet ends in an "ACCEPT", "DROP" or "REJECT" target.
Instead of "iptables -L -v", try "iptables-save"; that output is more compact and more detailed.
The formatting of the iptables-save output is identical to the parameters passed to the command-line "iptables" program.
The arguments have the following meaning:
-A : append, adds a new rule to the end of a chain
-i : defines the incoming network interface the rule applies to
-o : defines the outgoing network interface the rule applies to
-m : passes the packet through a match module, often with its own parameters
-j : jumps to another target or chain (e.g. the input_ext chain, or the ACCEPT target); if none of the rules in that chain matched, the packet returns to the previous chain
-p : defines the network protocol the rule applies to
--dport : defines the destination network port the rule applies to
As an example, the following line adds a new rule to the "input_ext" chain:
all incoming packets received at tcp port 80 (that's http) are accepted.
Code:
iptables -A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
Hopefully you'll be able to understand some of the "iptables-save" output now.
If you have any questions, I'd like to hear them.
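To make the reading rules above concrete, here is an added example (not code from the post or from SuSEfirewall2) that parses a small, constructed iptables-save excerpt and then walks a packet through the filter chains exactly as points 1 to 4 describe: rules are tried in order, "-j input_ext" jumps into the user-defined chain, the packet comes back to INPUT if nothing matched there, and the chain policy decides if it falls off the end. The chain names, interface "eth0", ports and packets are all assumed sample values; the parser only handles options that take a value, which covers every flag listed in the post.

```python
"""Parse iptables-save output and trace a packet through the filter chains."""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed iptables-save excerpt (sample input, not a real SuSEfirewall2 dump).
# INPUT hands traffic on eth0 to the user chain "input_ext", which accepts tcp/80.
SAMPLE = """\
# Generated by iptables-save (constructed example)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:input_ext - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A INPUT -j DROP
-A input_ext -p tcp -m tcp --dport 80 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end the packet's journey


@dataclass
class Rule:
    chain: str                        # -A
    target: Optional[str]             # -j; None = count only, keep going
    in_iface: Optional[str] = None    # -i
    out_iface: Optional[str] = None   # -o
    proto: Optional[str] = None       # -p
    dport: Optional[int] = None       # --dport
    states: Optional[set] = None      # -m state --state a,b
    modules: List[str] = field(default_factory=list)  # every -m


@dataclass
class Ruleset:
    policy: Dict[str, Optional[str]] = field(default_factory=dict)  # '-' => None (user chain)
    rules: Dict[str, List[Rule]] = field(default_factory=dict)


def parse_rule(line: str) -> Rule:
    """One '-A CHAIN ...' line. Assumes every option carries a value ('!' negation not handled)."""
    tokens = shlex.split(line)
    modules, opts = [], {}
    for flag, value in zip(tokens[0::2], tokens[1::2]):
        if flag == "-m":
            modules.append(value)
        else:
            opts[flag] = value
    return Rule(chain=opts["-A"], target=opts.get("-j"), in_iface=opts.get("-i"),
                out_iface=opts.get("-o"), proto=opts.get("-p"),
                dport=int(opts["--dport"]) if "--dport" in opts else None,
                states=set(opts["--state"].split(",")) if "--state" in opts else None,
                modules=modules)


def parse_save(text: str) -> Ruleset:
    """Collect chains and rules of the *filter table; nat/mangle are skipped."""
    fw, table = Ruleset(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):                      # chain definition with policy
            name, policy, _counters = line[1:].split()
            fw.policy[name] = None if policy == "-" else policy
            fw.rules.setdefault(name, [])
        elif line.startswith("-A"):
            rule = parse_rule(line)
            fw.rules.setdefault(rule.chain, []).append(rule)
    return fw


def matches(rule: Rule, pkt: dict) -> bool:
    """Every criterion the rule specifies must match the packet."""
    wanted = [(rule.in_iface, "in_iface"), (rule.out_iface, "out_iface"),
              (rule.proto, "proto"), (rule.dport, "dport")]
    if any(want is not None and want != pkt.get(key) for want, key in wanted):
        return False
    return rule.states is None or pkt.get("state") in rule.states


def walk(fw: Ruleset, chain: str, pkt: dict, trace: List[str]) -> Optional[str]:
    """Try rules in order; a jump into a user chain comes back if nothing matched there."""
    for idx, rule in enumerate(fw.rules.get(chain, [])):
        if not matches(rule, pkt):
            continue
        trace.append(f"{chain}[{idx}] -> {rule.target}")
        if rule.target in TERMINAL:
            return rule.target
        if rule.target == "RETURN":
            return None
        if rule.target in fw.policy:                    # jump to a user-defined chain
            result = walk(fw, rule.target, pkt, trace)
            if result is not None:
                return result
        # non-terminating targets (LOG, counting-only rules) fall through
    return None                                         # fell off the end of the chain


def verdict(fw: Ruleset, chain: str, pkt: dict):
    """Final fate of a packet entering a built-in chain, plus the path it took."""
    trace: List[str] = []
    result = walk(fw, chain, pkt, trace)
    if result is None:                                  # no match: the chain policy decides
        result = fw.policy[chain]
        trace.append(f"{chain} policy -> {result}")
    return result, trace


if __name__ == "__main__":
    fw = parse_save(SAMPLE)
    for dport in (80, 443):
        pkt = {"in_iface": "eth0", "proto": "tcp", "dport": dport, "state": "NEW"}
        print(pkt, *verdict(fw, "INPUT", pkt))
```

Running it shows the difference between the two packets: tcp/80 is accepted inside input_ext, while tcp/443 falls through input_ext, returns to INPUT and is dropped by the last rule there. Feeding the script your own "iptables-save" output (filter table only) is a quick way to check which rule actually decides the fate of a given connection.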