Displaying 20 results from an estimated 20 matches for "clear_tc".
2004 Aug 16
1
CLEAR_TC=Yes & TC_ENABLED=No
...abled for testing and then to stop all
TC I changed TC_ENABLED=No.
But I started to wonder why shorewall restart did _not_ clear TC rules
after TC was disabled?
So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is
disabled automatically.
Question is: should TC_ENABLED=No disable CLEAR_TC? Now it''s doing so.
Shorewall is version 2.0.7.
- --
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev...
2003 Jan 14
3
Shorewall-1.3.13
Just some stuff that was laying around in CVS:
1. Added ''DNAT-'' target.
2. Print policies in ''check'' command.
3. Added CLEAR_TC option.
4. Added SHARED_DIR option.
[teastep@wookie Shorewall]$ cat releasenotes.txt
This is a minor release of Shorewall that has a couple of new features.
New features include:
1) A new ''DNAT-'' action has been added for entries in the
/etc/shorewall/rules file. DNAT- is i...
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid.
curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^#
TCP_FLAGS_LOG_LEVEL=info
TC_ENABLED=Yes
CLEAR_TC=Yes
TCP_FLAGS_DISPOSITION=DROP
curtain:/etc/shorewall#
So it should be enabled, right?
---- tcrules ----
1 eth0 0.0.0.0/0 all
2 eth1 0.0.0.0/0 all
2 eth2 0.0.0.0/0 all
3 fw 0.0.0.0/0 all
20 192.168.0.161/32 0.0.0.0/0...
2004 Jul 02
0
Shorewall 2.0.3c
Fixes two problems:
* Error messages regarding $RESTOREBASE occur during shorewall stop.
* If CLEAR_TC=Yes in shorewall.conf, shorewall stop fails without
removing the lock file.
http://shorewall.net/pub/shorewall/shorewall-2.0.3c
ftp://shorewall.net/pub/shorewall/shorewall-2.0.3c
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
W...
2004 Apr 16
1
Traffic Shaping using Shorewall and WonderShaper
Hi Guys,
I''m asking this question again because I have exhausted resources
for understanding how to get it to work.
I''ve read the howto on getting traffic shaping to work (shorewall''s
web site) as well as trying out wondershaper''s htb and cbq scripts.
Somehow both does not seem to happen as I want it to.
I''ve also read through the lartc
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
...r/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall/action:/etc/shorewall/custom:/etc/shorewall:/usr/share/shorewall
FW=fw
IP_FORWARDING=Off
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=Yes
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=No
BLACKLISTNEWONLY=No
MODULE_SUFFIX=
DISABLE_IPV6=No
BRIDGING=No
DYNAMIC_ZONES=No
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSITION=DROP
[r...
2004 Dec 18
14
Traffic Control
So after reading the traffic control documentation at shorewall.net I am
a little confused. I don''t understand how to use the tcrules file.
What I would ideally like to do is setup htb on a per user basis (either
by IP or MAC address). If anybody has any hints on the best way to do
this or is willing to explain the use of tcrules file a little better
(how I could mark it per IP or MAC)
2006 Aug 29
3
masq problem
...H=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
IPSECFILE=zones
FW=
IP_FORWARDING=Keep
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=Internal
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
RFC1918_STRICT=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSE...
2007 Nov 10
2
Access Point with Ethernet.
...n:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=No
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
DROPINVALID=Yes
RFC1918_STRICT=No
MACLIST_TTL=
B...
2005 Apr 19
14
allow ssh access from net to fw?
.../sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=yes
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=
DISABLE_IPV6=No
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPO...
2004 Sep 02
3
Traffic shapping Bug ?
hello ,
i''m currently trying to set-up Traffic Shapping with Shorewall and I have strong
feelings that I found a bug.
I may be mistaken, but I tried everything and can''t get it to work.
I''ve turned ON TC_ENABLED=Yes and CLEAR_TC=Yes
when i start shorewall ( shorewall start ), i get this message :
Setting up Traffic Control Rules...
TC Rule "2 eth1 0.0.0.0/0 tcp 80 " added
iptables v1.2.9: unknown protocol `-j'' specified
Try `iptables -h'' or ''iptables --help'' for more informat...
2009 Jun 27
1
Transparent Proxy Problem with Squid3 and Shorewall
..."none"
NFQUEUE_DEFAULT="none"
RSH_COMMAND=''ssh ${root}@${system} ${command}''
RCP_COMMAND=''scp ${files} ${root}@${system}:${destination}''
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
RETAIN_ALIASES=No
TC_ENABLED=Internal
TC_EXPERT=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
DELAYBLACKLISTLOAD=No
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
RFC1918_STRICT=No
MACLIST_TABLE=filter
MACLIST_TTL=
SAVE_IPSE...
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default
* non-RFC 1918
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...L=info
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=Keep
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
TC_ENABLED=No
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=No
CLAMPMSS=No
ROUTE_FILTER=Yes
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=No
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=
DISABLE_IPV6=No
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPOSI...
2013 Sep 10
6
lsm configuration issues...
...MAND=''scp ${files} ${root}@${system}:${destination}''
RSH_COMMAND=''ssh ${root}@${system} ${command}''
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
AUTO_COMMENT=Yes
AUTOMAKE=No
BLACKLISTNEWONLY=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=Yes
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
IMPLICIT_CONTINUE=Yes
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No...
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall.
Let me describe my setup.
My desktop (alfred) is connected to the network
through an ADSL modem.
I am running rp-pppoe, and this works perfectly.
I have a small home network, with two LANs;
an Ethernet LAN (including a machine running Windows XP),
and a WiFi LAN, including the laptop (william) I am using now.
All the computers except for
2004 Dec 04
7
vpn-zone wide open
...sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
MODULESDIR=
CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
RESTOREFILE=
FW=fw
IP_FORWARDING=On
ADD_IP_ALIASES=Yes
ADD_SNAT_ALIASES=no
TC_ENABLED=Yes
CLEAR_TC=Yes
MARK_IN_FORWARD_CHAIN=Yes
CLAMPMSS=No
ROUTE_FILTER=No
DETECT_DNAT_IPADDRS=No
MUTEX_TIMEOUT=60
NEWNOTSYN=Yes
ADMINISABSENTMINDED=Yes
BLACKLISTNEWONLY=Yes
MODULE_SUFFIX=
DISABLE_IPV6=Yes
BRIDGING=No
DYNAMIC_ZONES=No
PKTTYPE=Yes
BLACKLIST_DISPOSITION=DROP
MACLIST_DISPOSITION=REJECT
TCP_FLAGS_DISPO...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...bin
++ SHOREWALL_SHELL=/bin/sh
++ SUBSYSLOCK=/var/lock/subsys/shorewall
++ STATEDIR=/var/lib/shorewall
++ MODULESDIR=
++ CONFIG_PATH=/etc/shorewall:/usr/share/shorewall
++ RESTOREFILE=
++ FW=fw
++ IP_FORWARDING=On
++ ADD_IP_ALIASES=Yes
++ ADD_SNAT_ALIASES=No
++ RETAIN_ALIASES=No
++ TC_ENABLED=No
++ CLEAR_TC=Yes
++ MARK_IN_FORWARD_CHAIN=No
++ CLAMPMSS=No
++ ROUTE_FILTER=No
++ DETECT_DNAT_IPADDRS=No
++ MUTEX_TIMEOUT=60
++ NEWNOTSYN=Yes
++ ADMINISABSENTMINDED=Yes
++ BLACKLISTNEWONLY=Yes
++ DELAYBLACKLISTLOAD=No
++ MODULE_SUFFIX=
++ DISABLE_IPV6=Yes
++ BRIDGING=No
++ DYNAMIC_ZONES=No
++ PKTTYPE=Yes
++ DRO...
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled