Displaying 10 results from an estimated 10 matches for "dropnonsyn".
2004 Jun 28
6
URGENT: Shorewall Security Vulnerability
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users.
For 2.0
2004 May 26
6
Newnotsyn Behavior
Hello,
I've been doing some tests on a firewall system running Shorewall 1.4, and
have been getting some unexpected behavior when enabling the "newnotsyn"
option.
In the test setup, I have:
----------------------------------------
/etc/shorewall/interfaces
net eth0 detect routefilter,tcpflags,blacklist
loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops. Can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2005 Mar 10
7
upgrade question
Hi,
I've upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz
I followed the instructions for upgrade
and got a warning when running shorewall check
on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn"
while that has changed to DropNotSyn .
I manually copied over action.DROP from the source tree.
Question: Are there more files to check? Even though I get no warnings
running shorewall check?
Do I have to be worried about the upgrade not being successful?
thanks,
Peter
2004 Jan 12
0
Shorewall2 -- now running on gateway.shorewall.net
...ain (plus
AllowPing) which I personally like).
#
# Shorewall 2.0 /etc/shorewall/actions.std
#
#
DropBcast #Silently Drops Broadcast Traffic
DropSMB #Silently Drops Microsoft SMB Traffic
RejectSMB #Silently Reject Microsoft SMB Traffic
DropUPnP #Silently Drop UPnP Probes
DropNonSyn #Silently Drop Non-syn TCP packets
RejectAuth #Silently Reject Auth
DropPing #Silently Drop Ping
AllowPing #Accept Ping
Drop:DROP #Common rules for DROP policy
Reject:REJECT #Common Action for Reject policy
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE...
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...'#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE'
+ read first rest
+ cut -d# -f1
+ grep -v '^[[:space:]]*$'
+ echo 'Pre-processing Actions...'
Pre-processing Actions...
+ process_actions1
+ ACTIONS='dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP'
+ USEDACTIONS=
+ strip_file actions
+ local fname
+ '[' 1 = 1 ']'
++ find_file actions
++ local saveifs= directory
++ case $1 in
++ '[' -n '...
2005 Feb 28
1
Mail server on DMZ
...h all -- * * 0.0.0.0/0 0.0.0.0/0
576K 59M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
384K 19M DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0
367K 18M DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
367K 18M dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0
367K 18M DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source destination
7 626 DROP udp -- * * 0.0.0.0/0 0...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...h all -- * * 0.0.0.0/0 0.0.0.0/0
576K 59M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
384K 19M DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0
367K 18M DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
367K 18M dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0
367K 18M DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source destination
7 626 DROP udp -- * * 0.0.0.0/0 0...
2004 Dec 28
14
DHCP
Good day to all.
I don't like to Post unless I am really stuck. Guess what?
Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).
All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine
2005 Jan 11
1
Squid and DMZ (ProxyARP)
...0.0.0.0/0
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP...