Displaying 12 results from an estimated 12 matches for "allowtrcrt".
2005 Jan 10
5
Traceroute unblocking, single interface, policy drop
...ads:-
#SOURCE DEST POLICY LOG LEVEL
LIMIT:BURST
fw net DROP info
net all DROP info
# The FOLLOWING POLICY MUST BE LAST
all all REJECT info
In the rules file I have:
AllowTrcrt net fw
AllowTrcrt fw net
ACCEPT fw net icmp 11
ACCEPT net fw icmp 11
Yet traceroute requests are not honoured coming into this box:-
Jan 10 11:37:00 nwww kernel: Shorewall:net2all:DROP:IN=...
2005 Jun 08
2
policy or rules
...ACCEPT info
all bb1 ACCEPT info
all net ACCEPT info
Will everybody be able to access $FW (if any services in $FW is running)
Or I''ve to speficy all of them one by one with the rules?
AllowPing all all
AllowTrcrt all all
Regards,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFCpm+rV0p9slMZLW4RAgh0AKDuJevDnWZLlGTjxAN3EwUkBiHbcQCgknpT
+zmvWf2nsdhcUwZBHdnQvU8=
=UZNm
-----END PGP SIGNATURE-----
2005 Jan 12
1
Shorewall 2.0.15
My sincere apologies for the messed up 2.0.14. I didn''t realize that I
had merged a change from 2.2.0 but hadn''t tested it.
http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15
ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15
1. The range of ports opened by the AllowTrcrt action has been expanded
to 33434:33524 to allow for a maximum of 30 hops.
2. Code mis-ported from 2.2.0 in release 2.0.14 caused the following
error during "shorewall start" where SYN rate-limiting is present in
/etc/shorewall/policy:
Bad argument `DROP''
Tr...
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...date = xINCLUDE '']''
+ echo ''AllowRdate #Allow remote time (rdate).''
+ read first rest
+ ''['' xAllowNNTP = xINCLUDE '']''
+ echo ''AllowNNTP #Allow network news (Usenet).''
+ read first rest
+ ''['' xAllowTrcrt = xINCLUDE '']''
+ echo ''AllowTrcrt #Allows Traceroute (20 hops)''
+ read first rest
+ ''['' xAllowSNMP = xINCLUDE '']''
+ echo ''AllowSNMP #Allows SNMP (including traps)''
+ read first rest
+ ''['' xAl...
2005 Feb 02
1
Masq errors?
....AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Deleting user chains...
Setting up Accounting...
Creating Interfa...
2005 Jan 17
1
Shorewall 2.2.0 RC5
...1
I''m hoping that this will be the last RC and that I can release 2.2.0 on
February 1. I appreciate your help in testing this RC.
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5
Problems Corrected:
1. The AllowTrcrt action has been changed to allow up to 30 hops
(same as default for ''traceroute''). Previously, the action was
documented as allowing 20 hops but actually only allowed for 6 hops.
2. Using some lightweight shells, valid entries in /etc/shorewall/ecn
produce startup errors.
New...
2005 Apr 09
12
aMule
Hi!
I don;t know what i am doing wrong because i have still Low ID on aMule. I
have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
Thanks,
Mitja
2004 Aug 30
6
Shorewall upgrade messed up my firewall
....AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Rule "ACCEPT fw net t...
2004 Sep 13
5
Config problems
...ction.AllowVNC...
Pre-processing
/usr/share/shorewall/action.AllowVNCL...
Pre-processing
/usr/share/shorewall/action.AllowNTP...
Pre-processing
/usr/share/shorewall/action.AllowRdate...
Pre-processing
/usr/share/shorewall/action.AllowNNTP...
Pre-processing
/usr/share/shorewall/action.AllowTrcrt...
Pre-processing
/usr/share/shorewall/action.AllowSNMP...
Pre-processing
/usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing
/usr/share/shorewall/action.Reject...
Validating rules file...
Rule "ACCEPT net fw tcp 22" che...
2004 Aug 12
1
SMTP, IP, WHM news problems....
...are/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw icmp 8" added.
R...
2005 Jun 24
6
Is it that difficult?
Hello,
You will find in attachment the layout of my
current physical configuration.
For now, the Cable ISP is not used. Since it
is a dynamic ISP, my mailserver is rejected and
my domain name registers on blacklists like ORDB
and al.
I want it to be used as a default gateway except
for my mail server that would be seen as coming
from my "honest" ADSL ISP.
Here is