search for: configuration_file_basics

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, I''d like to know how to set up shorewall to deny a user-defined action in a time-based basis, for example, I have a group of users using MSN, AOL, www and https, in a defined action called action.BasicAccess now, I want this access to be enabled only on lunch time from Monday through Friday and weekends from noon to 6pm... I know

Hello. I´m using an ftp server in passive mode using ports 30000-50000 and i have a question: how i can limit bandwidth using shorewall for multiple ports? It´s possible? Can someone send me an example? Thanks Wilson ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated

Hello, is it possible to configure Shorewall for different network environments? I am using it on a single Linux computer. When I am at home, I am using an internal IP address (192.168.0.X), and when I am using my cable modem, I get an internet IP assigned. I now want to be able to use Samba/Windows Filesharing when at home and to disable it when I am using my computer directly on the net.

The params file appears to be simply "sourced" by the firewall script, which means one can put any Bourne shell code into it and it will execute it. This feature isn''t documented, so I''m wondering if it can be documented and thus guaranteed to always work. I''d like to dig out the IP parameters of my interface cards from the ifcfg-eth? files and set shorewall

We are using Shorewall 2.0.8 with SuSE 9.1 and have built a bridging firewall primarily to defend against syn flood and smurf DoS attacks. We are a small ISP using Cisco routers for a total of 5-6 subnets. Since bridges are based on use of MAC addresses, if we could use one bridging firewall system instead of 5-6 ... is this possible? practical? (Other than introducing a single point of failure

I hae 30 computers on my nerwork, I have shorewall, I want to link each IP number with MAC address ... my friend did it in itpables, I have shorewall and I don''t know where I can do it and how do it ... best wishes from Poland Maciek p.s. AND VERY IMPORTANT - after "linking" IP with MAC I want to reject all other IP''s -- ---- Oferta jakiej jeszcze nie by³o! Serwer

Hello, I remember that i can set up variables to reference the interfaces i am using something like IF_ETH or ETH PPP... i dont remember the exact place can some one point me on the right direction .. Thanks ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It''s the best place to buy or sell services for just about

Hi, I have a rule: DNAT net dmz:a.b.c.d tcp 25 - k.l.m.n The problem: I want to DNAT port 25, 143, 110 k.l.m.n is alternate public ip (using vrrp, just like alias) Can I abridge the above line using macro, instead of writing 3 separate lines? I can do: MailPorts/DNAT net dmz:a.b.c.d But this refer to the physical public ip I have more elaborate requirement to forward around 20

...ready the following documentation: http://www.shorewall.net/Introduction.html http://www.shorewall.net/three-interface.htm http://www.shorewall.net/GettingStarted.html http://www.shorewall.net/shorewall_quickstart_guide.htm http://www.shorewall.net/shorewall_setup_guide.htm http://www.shorewall.net/configuration_file_basics.htm http://www.shorewall.net/starting_and_stopping_shorewall.htm http://www.shorewall.net/Documentation_Index.html http://www.shorewall.net/ipsets.html http://www.shorewall.net/manpages/shorewall-exclusion.html http://www.shorewall.net/manpages/shorewall-ipsets.html Also after reading documentatio...

Hi all Hi everyone Shorewall 3.2.6 and OpenSWAN 2.4.4-18.2 are on SLES10 machine with public fixed IP address on Internet interface. I am trying to establish IPSEC VPN tunnel to network behind D-Link DI-804HV VPN router who is on dynamic IP address. For this I am using dyndns.org alias on DI804 side. Shorewall is stopping all packets comming from DI804 whey trying to establish tunnel. Log on

I have a multi-isp configuration: CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0 IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0 where I force SMTP out one of the connections: 512:P br-lan - tcp 25 But the effect of that of course is that if IGS goes down, SMTP will leak out of the CGCO connection. How can I prevent that? Cheers, b.

Hi, i have been using shorewall for 3 months, and shorewall was working well, but i don''t know why, when I type "shorewall start" o "shorewall restart", it says that. I have two files of rules: The first: DNS/ACCEPT net:208.67.222.222,208.67.220.220 The second: DNS/ACCEPT net:208.67.222.222,208.67.220.220 HTTP/ACCEPT net:www.google.com,mail.google.com,...

Le mardi 21 juin 2011 15:32, Tom Eastep a écrit : > -------- Forwarded Message -------- > From: Tom Eastep <teastep@shorewall.net> > Reply-to: Shorewall Users <shorewall-users@lists.sourceforge.net> > To: Shorewall Users <shorewall-users@lists.sourceforge.net> > Subject: Re: [Shorewall-users] routestopped 4.2 to 4.4 > Date: Mon, 20 Jun 2011 13:37:02 -0700 >

Hello, My name is Felipe I succesfuly installed Shorewall 4.4.20.3 in Ubuntu 10.04, This installation is for controlling the access into the local Network, My question is if it is possible to make a conecction WAN to LAN using Terminal Name?? i have been searching in goolge but i didnt find an answer!!!! For example we have IP Public into shorewall with 2 interfaces, and in the LAN we have 3

I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the contents of an ipset (lan:+serviceshost or similar) where the ipset is ensured to contain only one host, but can be changed dynamically when services are in maintenance mode and go to the "services are down" message on another server. Will this work, or am I barking up a fish here?

Hi, I had set rules so that my client can only visit few sites instead of the whole net. My question is, how can I allow my client to activate it''s product key and also to run windows update? One more thing is, can I use domain name in the rule config? if yes, can I put just microsoft.com to refer to aaa.microsoft.com bbb.microsoft.com? Please advice

Hello, Today I restarted the firewall machine during an outage of the ADSL line overhere. At the boot Shorewall did not start but stopped during start. The problem was that the ADSL line was down so no DNS server available to resolve hostnames. I have a hostname in "blacklist" file and therefore shorewall did not start. Is this problem solvable without putting an IP address in the

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

... are they possible?, or better yet: Are they enhacements at all? First, make it possible to use the vars defined in the params file usable in the policy and shorewall.conf also. Second, make it possible to specify a pseudo log level like NULL, SWNULL (SW by Shorewall) or an appropiate name that would have the same effect as not specifying a log level at all. These modifications together