search for: adminisabsentminded

Hello. I'm getting trouble with the ADMINISABSENTMINDED option, it doesn't seem to work as stated in the manual. When using the default ADMINISABSENTMINDED=Yes and no routestopped file, here are the firewall state after executing shorewall stop : Chain INPUT (policy DROP 473 packets, 106K bytes) pkts bytes target prot opt in...

hi, while stopping shorewall 4.5.21.2 on a debian7 box with the ADMINISABSENTMINDED set to no in shorewall.conf, the connections on vlan tagged interfaces that were active before the shorewall stop command was executed are not terminated as it is for the firewall and other interfaces! when the firewall is stopped as expected new connections on vlan tagged interface are refuse...

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

...handles traffic during a ''shorewall restart'': i''ve found that whenever i do this on one of my clustered firewalls, i get a huge number of errors in syslog relating to heartbeat timeouts. I''ve got the other cluster node in the routestopped file on both nodes, and ADMINISABSENTMINDED=Yes in shorewall.conf, but it still gives me errors like these: Jan 7 10:10:13 fwA heartbeat[13997]: ERROR: Error sending packet: Operation not permitted Jan 7 10:10:13 fwA heartbeat[13997]: ERROR: write failure on ping 192.168.0.43.: Operation not permitted Jan 7 10:10:14 fwA heartbeat[13991]:...

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

...;' and ''reject'' used to do; namely, when an address is blacklisted using these new commands, it will be blacklisted on all of your firewall''s interfaces. 2) Thanks to Steve Herber, the help command can now give command-specific help. 3) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. This option has a default value of "No" for existing Shorewall users who are upgrading to this release. With this setting, Shorewall''s ''stopped'' state continues as it has been; namely, in the sto...

...e Herber, the help command can now give command-specific help. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. For existing users, this option has a default value of "No" in which case Shorewall''s ''stopped'' state continues as it has been; namely, in the stopped state only traffic to/from hosts listed in...

...nstable tree. This was on the www.shorewall.net mirror server. And, to my horror, after upgrading the package, it automatically restarted shorewall! Of course I have done this before, but I absent-mindedly just went through the usual procedure for debian upgrades without thinking about it. (note: adminisabsentminded=yes in shorewall.conf :) Luckily, no side effects, as it was a 2.0.0(x-1) - 2.0.0(x) upgrade. I do know that auto restarts are the usual behavior for most debian packaged services, but many prompt for authorization. So anyways, maybe it might be safer to prompt for a restart, or simply to post a...

...atic, the ''dropunclean'' and ''logunclean'' interface options will be removed in a future release. In the 1.4.7 release, they are flagged with a warning. 2) Thanks to Steve Herber, the help command can now give command-specific help. 3) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. This option has a default value of "No" for existing Shorewall users who are upgrading to this release. With this setting, Shorewall''s ''stopped'' state continues as it has been; namely, in the sto...

...39;' and ''reject'' used to do; namely, when an address is blacklisted using these new commands, it will be blacklisted on all of your firewall''s interfaces. 2) Thanks to Steve Herber, the help command can now give command-specific help. 3) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. This option has a default value of "No" for existing Shorewall users who are upgrading to this release. With this setting, Shorewall''s ''stopped'' state continues as it has been; namely, in the sto...

...39;' and ''reject'' used to do; namely, when an address is blacklisted using these new commands, it will be blacklisted on all of your firewall''s interfaces. 2) Thanks to Steve Herber, the help command can now give command-specific help. 3) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. This option has a default value of "No" for existing Shorewall users who are upgrading to this release. With this setting, Shorewall''s ''stopped'' state continues as it has been; namely, in the sto...

...atic, the ''dropunclean'' and ''logunclean'' interface options will be removed in a future release. In the 1.4.7 release, they are flagged with a warning. 2) Thanks to Steve Herber, the help command can now give command-specific help. 3) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. This option has a default value of "No" for existing Shorewall users who are upgrading to this release. With this setting, Shorewall''s ''stopped'' state continues as it has been; namely, in the sto...

Hi, i have been using shorewall for 3 months, and shorewall was working well, but i don''t know why, when I type "shorewall start" o "shorewall restart", it says that. I have two files of rules: The first: DNS/ACCEPT net:208.67.222.222,208.67.220.220 The second: DNS/ACCEPT net:208.67.222.222,208.67.220.220 HTTP/ACCEPT net:www.google.com,mail.google.com,...

...ULESDIR= CONFIG_PATH=/etc/shorewall/action:/etc/shorewall/custom:/etc/shorewall:/usr/share/shorewall FW=fw IP_FORWARDING=Off ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=No BLACKLISTNEWONLY=No MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP [root@hn00dmz01 root]# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:...

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

...ot; MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= IPSECFILE=zones FW= IP_FORWARDING=Keep ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=Internal CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=Yes BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes RFC1918_STRICT=No MACLIST_TABLE=filter MACLIST_TTL= SAVE_IPSETS=No MAPOLDACTIONS=No FASTACCEPT=No BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP...

...b/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes DROPINVALID=Yes RFC1918_STRICT=No MACLIST_TTL= BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP /etc/shorewall/start: (not configured) /etc/shore...

...STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=yes ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP #LAST LINE -- DO NOT REMOVE START: ---------------------------------------------------------------------------- -------...

...9;' RCP_COMMAND=''scp ${files} ${root}@${system}:${destination}'' IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=Internal TC_EXPERT=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=Yes BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes RFC1918_STRICT=No MACLIST_TABLE=filter MACLIST_TTL= SAVE_IPSETS=No MAPOLDACTIONS=No FASTACCEPT=No IMPLICIT_CONTINUE=Yes HIGH_ROUTE_MARKS=No USE_ACTIONS=Yes OPTIMIZE=0 EXPORTPARAMS...