search for: dropnonsyn

Displaying 10 results from an estimated 10 matches for "dropnonsyn".

2004 Jun 28
6
URGENT: Shorewall Security Vulnerability
Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0
2004 May 26
6
Newnotsyn Behavior
Hello, I've been doing some tests on a firewall system running Shorewall 1.4, and have been getting some unexpected behavior when enabling the "newnotsyn" option. In the test setup, I have: ---------------------------------------- /etc/shorewall/interfaces net eth0 detect routefilter,tcpflags,blacklist loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled
2005 Mar 10
7
upgrade question
Hi, I've upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz. I followed the instructions for upgrade and got a warning when running shorewall check on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" while that has changed to DropNotSyn. I manually copied over action.DROP from the source tree. Question: Are there more files to check? Even though I get no warnings running shorewall check? Do I have to be worried about the upgrade not being successful? thanks, Peter
2004 Jan 12
0
Shorewall2 -- now running on gateway.shorewall.net
...ain (plus AllowPing) which I personally like). # # Shorewall 2.0 /etc/shorewall/actions.std # # DropBcast #Silently Drops Broadcast Traffic DropSMB #Silently Drops Microsoft SMB Traffic RejectSMB #Silently Reject Microsoft SMB Traffic DropUPnP #Silently Drop UPnP Probes DropNonSyn #Silently Drop Non-syn TCP packets RejectAuth #Silently Reject Auth DropPing #Silently Drop Ping AllowPing #Accept Ping Drop:DROP #Common rules for DROP policy Reject:REJECT #Common Action for Reject policy #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE...
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...'#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE' + read first rest + cut -d# -f1 + grep -v '^[[:space:]]*$' + echo 'Pre-processing Actions...' Pre-processing Actions... + process_actions1 + ACTIONS='dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP' + USEDACTIONS= + strip_file actions + local fname + '[' 1 = 1 ']' ++ find_file actions ++ local saveifs= directory ++ case $1 in ++ '[' -n '...
2005 Feb 28
1
Mail server on DMZ
...h all -- * * 0.0.0.0/0 0.0.0.0/0 576K 59M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 384K 19M DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 7 626 DROP udp -- * * 0.0.0.0/0 0...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...h all -- * * 0.0.0.0/0 0.0.0.0/0 576K 59M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 384K 19M DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 7 626 DROP udp -- * * 0.0.0.0/0 0...
2004 Dec 28
14
DHCP
Good day to all. I don't like to Post unless I am really stuck. Guess what? Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled). All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine
2005 Jan 11
1
Squid and DMZ (ProxyARP)
...0.0.0.0/0 0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP...