The SuSEfirewall2 package can be installed with the following command:
$ sudo zypper install SuSEfirewall2
The SuSEfirewall2 service can be enabled with the following command:
$ sudo systemctl enable SuSEfirewall2.service
Verify "SuSEfirewall2" is configured to protect the SUSE operating system
against or limit the effects of DoS attacks.
Run the following command:
# grep -i fw_services_accept_ext /etc/sysconfig/SuSEfirewall2
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
If the "FW_SERVICES_ACCEPT_EXT" rule does not contain both the
hitcount and blockseconds parameters, this is a finding.