Displaying 20 results from an estimated 31 matches for "allowp".
2004 Nov 26
6
Help! AllowPing not working
Sorry for the frantic nature of this message, but we need to allow pings on
our firewall so our ISP can test things. I've done this, and it still doesn't
work: (I am now at v.2.0.10)
rules:
AllowPing net fw
AllowPing sls fw
show indicates some matches, so where are they?
Chain AllowPing (4 references)
pkts bytes target prot opt in out source destination
1144 70108 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icm...
2005 Mar 03
20
Network config and troubleshooting with Ping
...ternal interface to begin troubleshooting the network
configuration.
I know that the ISP's router is configured correctly since I have
attached it to a small Linksys firewall and was able to ping the
66.240.207.226 from another external network.
According to the documentation I can add AllowPing to the file
/etc/shorewall/action.Drop
or etc/shorewall/action.Reject.
Unfortunately neither of these files reside in the documented location
namely /etc/shorewall although they can be found in
/usr/share/shorewall. Is my installation incorrect or is the
documentation incorrect regarding the l...
2005 Jan 07
5
ULOG weirdness with 2.0.10
...SPT=631 DPT=631 LEN=88
Specifically, it's the "AllowWOL" portion of the output that bothers
me, since these aren't log entries from the AllowWOL action, but from
the AllowIPP action.
Background:
My /etc/shorewall/rules has the following (relevant) entries:
...
AllowPing:ULOG fw all
AllowWOL:ULOG loc all
AllowWOL:ULOG fw all
...
AllowIPP loc loc
AllowIPP fw loc
AllowIPP loc fw
...
The AllowPing is the standard action, and is the only other ULOG-ed...
2005 Jun 08
2
policy or rules
...ll bb0 ACCEPT info
all bb1 ACCEPT info
all net ACCEPT info
Will everybody be able to access $FW (if any services in $FW is running)
Or I've to specify all of them one by one with the rules?
AllowPing all all
AllowTrcrt all all
Regards,
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops. Can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...;]'
+ echo '#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# PORT PORT(S) DEST LIMIT GROUP'
+ read first rest
+ '[' xAllowPing = xINCLUDE ']'
+ echo 'AllowPing all all'
+ read first rest
+ '[' xACCEPT = xINCLUDE ']'
+ echo 'ACCEPT net fw tcp 9322'
+ read first rest
+ '[' x#LAST = xINCLUDE ']'...
2005 Feb 07
9
Zoning Out
I'm getting my zones confused. Help.
I need to have a bunch of systems using OpenVPN to gain an IP in the
virtual subnet 10.100.1.0/24, on interface tun0.
I will then route whole subnets to those IPs, like 10.100.2.0/24 via
10.100.1.12, etc.
I want to have a policy for:
- all hosts behind tun0
- all hosts in 10.100.1.0/24
- individual subnets being routed through IPs in
2004 Dec 09
6
Can't allow ICMP to firewall?
Hello,
I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10.
My setup is as follows. I have a /28 and have assigned all IP addresses to
my firewall using aliases. I am able to set up rules to allow specific
traffic to specific IP addresses on the firewall like so:
ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22
This works great for TCP and UDP traffic. I can
2004 Jan 12
0
Shorewall2 -- now running on gateway.shorewall.net
...ll2/ -- configuration files
/usr/share/shorewall2/ -- shared files
Both Shorewall and Shorewall2 use the same state directory.
/etc/shorewall/actions.std defines the actions that I release and currently
contains just the actions I need to replace the 'common' chain (plus
AllowPing which I personally like).
#
# Shorewall 2.0 /etc/shorewall/actions.std
#
#
DropBcast #Silently Drops Broadcast Traffic
DropSMB #Silently Drops Microsoft SMB Traffic
RejectSMB #Silently Reject Microsoft SMB Traffic
DropUPnP #Silently Drop UPnP Probes
DropNonSyn #...
2005 May 05
1
Ping Requests issue
...se shorewall 2.2.3 with four network interfaces comprising three zones.
I am able to ping some servers from the internet (net-zone) and not others.
I do not want to allow ping by default from internet. I have not copied the files action.drop
and action.reject into /etc/shorewall. Nor do I have an AllowPing rule in the rules file.
The policy file is pasted below.
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
#loc net ACCEPT
net all DROP info
dmz0 net ACCEPT info
dmz1 net ACCEPT info
fw net ACCEPT info
fw dmz0 ACCEPT info
fw dmz1 ACCEPT info
dmz0 fw ACCEPT info
dmz1 fw ACCEP...
2004 Nov 05
5
Sometimes it opens, sometimes it closes? Strange
...all REJECT info
#LAST LINE -- DO NOT REMOVE
/etc/shorewall/rules
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
AllowPing loc fw
AllowPing fw net
AllowPing fw loc
REDIRECT loc 3128 tcp www -
ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,113,143,783,5190,10000,4662,2082,2095,81,119 -
ACCEPT net fw udp 53,5722,2082,2...
2004 Sep 22
2
IPSEc versus Multipath routing
...0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain AllowPing (7 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
Chain Drop (3 references)
pkts bytes target prot opt in out source destination
189 26286 Re...
2004 Sep 21
1
squid on DMZ using proxyarp
...tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
Chain AllowFTP (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
Chain AllowPOP3 (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9...
2005 Jun 24
9
WINS across two networks and a router
...ns.org;
you'll find the details there.
Here are my rules:
ACCEPT loc net:192.168.1.1,192.168.1.249,192.168.1.250
ACCEPT net:192.168.1.1,192.168.1.249,192.168.1.250 loc
ACCEPT loc net tcp smtp
ACCEPT loc net tcp http
ACCEPT loc net tcp ftp
AllowPing loc net
ACCEPT loc net tcp pop3
AllowSSH loc fw
AllowSSH net fw
AllowPing loc fw
AllowPing fw loc
AllowPing fw net
ACCEPT net:192.168.1.248,192.168.1.249,192.168.1.250 fw
AllowSMB loc net
AllowSMB...
2006 Apr 02
1
Two ISP
...loc ACCEPT
fw svr ACCEPT
fw ogo ACCEPT
all all DROP
- providers:
SVR 1 1 main eth1 IP.OF.SVR.GW track (?) eth0
OGO 2 2 main eth2 IP.OF.OGO.GW track (?) eth0
- zones:
svr svr svr
ogo ogo ogo
loc loc loc
- rules:
AllowPing svr fw
AllowSSH svr fw
AllowFTP svr fw
AllowSMTP svr fw
AllowPing ogo fw
AllowSSH ogo fw
AllowFTP ogo fw
AllowSMTP ogo fw
So, the main Q is: if I use PBR via "ip route" command from the script,
will the above files do exactly what I wan...
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I've started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn't have connection marking support, so it's
going to be a couple of
2006 Jan 09
12
Shorewall blocks LISa on port 7741
Hello, all.
I've been trying to get shorewall to get LISa working on my Gentoo box. It
works as long as I have shorewall turned off, but whenever I turn it on, it
seems to block all LISa activity. I have TCP port 7741 opened (as per
lisa-home.sourceforge.net), and nmap says it's open. Ethereal indicates that
LISa is communicating via TCP port 7741, from 127.0.0.1 to
2005 Feb 02
1
Masq errors?
...RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB.....
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
...Rules
####################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
# PORT PORT(S) DEST LIMIT GROUP
AllowPing loc fw
AllowPing fw net
RejectAuth net fw
RejectAuth fw net
AllowDNS fw net
#AllowFTP fw net
AllowWeb fw net
REJECT loc net tcp 80,443
#
# squid
ACCEPT loc fw tcp 3128
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS O...
2004 Jul 15
0
long rule action names with logging cause iptables errors
This rule with a long name and logging:
AllowInternetPrintingProtocol:debug
causes this iptables error:
Processing /etc/shorewall/rules...
Rule "AllowSSH:info net fw" added.
Rule "AllowPing:info net fw" added.
Rule "AllowWeb:debug net fw" added.
iptables v1.2.9: Maximum prefix length 29 for --log-prefix
Try `iptables -h' or 'iptables --help' for more information.
Fixing this means checking the length of the expansion of the...