search for: allowicmps

...hecking /etc/shorewall6/masq... Checking MAC Filtration -- Phase 1... Checking /etc/shorewall6/rules... Checking /etc/shorewall6/conntrack... Checking MAC Filtration -- Phase 2... Applying Policies... Checking /usr/share/shorewall6/action.Drop for chain Drop... Checking /usr/share/shorewall6/action.AllowICMPs for chain AllowICMPs... Checking /usr/share/shorewall6/action.Broadcast for chain Broadcast... Shorewall6 configuration verified root@xxxx:/etc/shorewall6# shorewall6 restart Compiling... Processing /etc/shorewall6/params ... Processing /etc/shorewall6/shorewall6.conf... Loading Modules... Compilin...

...39; xAllowSMTP = xINCLUDE '']'' + echo ''AllowSMTP #Allow SMTP (Email)'' + read first rest + ''['' xAllowPOP3 = xINCLUDE '']'' + echo ''AllowPOP3 #Allow reading mail via POP3'' + read first rest + ''['' xAllowICMPs = xINCLUDE '']'' + echo ''AllowICMPs #Allows critical ICMP types'' + read first rest + ''['' xAllowIMAP = xINCLUDE '']'' + echo ''AllowIMAP #Allow reading mail via IMAP'' + read first rest + ''['' xAllow...

Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is

...n.AllowWeb... Pre-processing /usr/share/shorewall/action.AllowSMB... Pre-processing /usr/share/shorewall/action.AllowAuth... Pre-processing /usr/share/shorewall/action.AllowSMTP... Pre-processing /usr/share/shorewall/action.AllowPOP3... Pre-processing /usr/share/shorewall/action.AllowICMPs... Pre-processing /usr/share/shorewall/action.AllowIMAP... Pre-processing /usr/share/shorewall/action.AllowTelnet... Pre-processing /usr/share/shorewall/action.AllowVNC... Pre-processing /usr/share/shorewall/action.AllowVNCL... Pre-processing /usr/share/shorewall/action.AllowNTP...

...----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11 In addition to correcting several bugs, this version adds the following features: 1) The default Drop and Reject actions now invoke the new standard action ''AllowICMPs''. This new action accepts critical ICMP types: Type 3 code 4 (fragmentation needed) Type 11 (TTL exceeded) 2) Explicit control over the kernel''s Martian logging is now provided using the new ''logmartians'' interface option. If you include ''...

...termining Hosts in Zones... fw (firewall) wan (ipv4) eth0:0.0.0.0/0 Preprocessing Action Files... Pre-processing /usr/share/shorewall/action.Drop... ..Expanding Macro /usr/share/shorewall/macro.Auth... ..End Macro /usr/share/shorewall/macro.Auth ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... ..End Macro /usr/share/shorewall/macro.AllowICMPs ..Expanding Macro /usr/share/shorewall/macro.SMB... ..End Macro /usr/share/shorewall/macro.SMB ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... ..End Macro /usr/share/shorewall/macro.DropUPnP ..Expanding Macro /usr/share/shorewall/m...

...ng hosts file... Validating Policy file... Determining Hosts in Zones... net Zone: eth0:0.0.0.0/0 Pre-processing Actions... Pre-processing /usr/share/shorewall/action.Drop... ..Expanding Macro /usr/share/shorewall/macro.Auth... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.AllowICMPs... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.SMB... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropUPnP... ..End Macro ..Expanding Macro /usr/share/shorewall/macro.DropDNSrep... ..End Macro Pre-processing /usr/share/shorewall/action.Reject......

....0/0 20 1740 fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 798 70693 fw2modem all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AllowICMPs (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 Chain AllowSMB (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * * 0.0.0.0...

...0.0.0.0/0 > 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'' > 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 > > Chain AllowICMPs (2 references) > pkts bytes target prot opt in out source destination > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 > 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0....

...n.comcast.net 2.6.12-12mdk #1 Fri Sep 9 18:15:22 CEST 2005 i686 AMD Duron(tm) unknown GNU/Linux shorewall version output: 2.4.1 shorewall status: Shorewall-2.4.1 Status at pcp08479598pcs.spedwy01.in.comcast.net - Thu Dec 8 06:04:45 EST 2005 Counters reset Wed Dec 7 08:10:49 EST 2005 Chain AllowICMPs (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 Chain Drop (1 references) p...

...ences) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 Chain AllowICMPs (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 i...

...</snip> ''allicmp-to-host'': source => ''all'', destination => ''$FW'', order => 40020, action => ''AllowICMPs/ACCEPT''; ''allow ssh'': source => ''net'', protocol => ''tcp'', destinationport => ''22'', order =>...

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

...* 0.0.0.0/0 0.0.0.0/0 7 1014 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:DROP:'' 7 1014 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AllowICMPs (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0...