search for: adminisabsentmindes

Hello. I'm getting trouble with the ADMINISABSENTMINDED option, it doesn't seem to work as stated in the manual. When using the default ADMINISABSENTMINDED=Yes and no routestopped file, here are the firewall state after executing shorewall stop : Chain INPUT (policy DROP 473 packets, 106K bytes) pkts bytes target prot opt in out source destination

hi, while stopping shorewall 4.5.21.2 on a debian7 box with the ADMINISABSENTMINDED set to no in shorewall.conf, the connections on vlan tagged interfaces that were active before the shorewall stop command was executed are not terminated as it is for the firewall and other interfaces! when the firewall is stopped as expected new connections on vlan tagged interface are refused but even

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3)

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command.

Hello, I just did a quick ''apt-get update'' then ''apt-get install shorewall'' from the debian unstable tree. This was on the www.shorewall.net mirror server. And, to my horror, after upgrading the package, it automatically restarted shorewall! Of course I have done this before, but I absent-mindedly just went through the usual procedure for debian upgrades

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Release Notes are attached Changes since last Snapshot: a) The per-interface dynamic blacklisting chains are now displayed by "shorewall monitor" b) IP Traffic Accounting support has been added. c) Rules may now be rate-limited. d) Bridge interfaces (br[0-9]) may now appear in entries in the

Shorewall 1.4.7 is now available at: http://shorewall.net/pub/shorewall/shorewall-1.4.7 ftp://shorewall.net/pub/shorewall/shorewall-1.4.7 It will be available at your favorite mirror shortly. The release notes are attached. As always, many thanks go to Francesca Smith for updating the sample configurations for this release. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently

Hi, i have been using shorewall for 3 months, and shorewall was working well, but i don''t know why, when I type "shorewall start" o "shorewall restart", it says that. I have two files of rules: The first: DNS/ACCEPT net:208.67.222.222,208.67.220.220 The second: DNS/ACCEPT net:208.67.222.222,208.67.220.220 HTTP/ACCEPT net:www.google.com,mail.google.com,...

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi everybody. I''m sorry to bother you because I''m probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable) The thing is, that I can''t get masq working. Maybe this is because

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi: I have a small infrastructure of network of local area, that are based on a computer, with computer and with a Point Access, with Debian Etch 4.0r1. With Shorewall 3.2.6-2. Well. Since I have two cards of network, which of which, I have left like that: Internet --> Router (217.126.221.65) --> eth1 (217.126.221.117) --> eth0 (LAN

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hi all, I have a strange problem in trying to install a transparent proxy (in my internal net not on the shorewall server) according to the instructions as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local My Network looks the following: Internal Net: 10.0.0.0/24 Squid Server listening on port 3128 (ip 10.0.0.152, DNS name server01) | |