Jan Schermer wrote:
> Hi,
> I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just
> to be sure it's not pebkac). The IPP2P support is broken, line like:
>
> DROP loc net ipp2p
>
> generates:
>
> iptables -A loc2net -j DROP
>
> that's _wrong_ :)
>
> I have tried playing with debug to no avail, and I'm not that good at
> bashing...

Please try the 'firewall' script from CVS (Shorewall2/) -- place the
script in /usr/share/shorewall/firewall.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Hi,
I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just
to be sure it's not pebkac). The IPP2P support is broken, line like:

DROP loc net ipp2p

generates:

iptables -A loc2net -j DROP

that's _wrong_ :)

I have tried playing with debug to no avail, and I'm not that good at
bashing...

just to be complete, the suggested status.txt from one of the machines
is attached.

btw if any of you have any hint on setting up P2P filtering, or some
good howto, please send a link. I had some limited success with ipp2p,
but nowhere near perfect (it just doesn't catch most of the traffic and
doesn't seem to work at all on one machine - no matches).

Thank you

Jan

P.S. just so that you don't look for it in the status.txt - I don't have
ipp2p-enabled ruleset loaded for apparent reasons, but I can provide if
anybody needs it, this is the actual ruleset with only ipp2p omitted...

Jan

Jan Schermer wrote:
> Hi,
> I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just
> to be sure it's not pebkac). The IPP2P support is broken, line like:
>
> DROP loc net ipp2p
>
> generates:
>
> iptables -A loc2net -j DROP
>
> that's _wrong_ :)
>
> I have tried playing with debug to no avail, and I'm not that good at
> bashing...
>
> just to be complete, the suggested status.txt from one of the machines
> is attached.
>
> btw if any of you have any hint on setting up P2P filtering, or some
> good howto, please send a link. I had some limited success with ipp2p,
> but nowhere near perfect (it just doesn't catch most of the traffic and
> doesn't seem to work at all on one machine - no matches).
>
> Thank you
>
> Jan

Yes, it works, thanks!

Jan

Tom Eastep wrote:
> Jan Schermer wrote:
>
>>Hi,
>>I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just
>>to be sure it's not pebkac). The IPP2P support is broken, line like:
>>
>>DROP loc net ipp2p
>>
>>generates:
>>
>>iptables -A loc2net -j DROP
>>
>>that's _wrong_ :)
>>
>>I have tried playing with debug to no avail, and I'm not that good at
>>bashing...
>
>
> Please try the 'firewall' script from CVS (Shorewall2/) -- place the
> script in /usr/share/shorewall/firewall.
>
> -Tom