search for: dropnonsyn

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

Hello, I''ve been doing some tests on a firewall system running Shorewall 1.4, and have been getting some unexpected behavior when enabling the "newnotsyn" option. In the test setup, I have: ---------------------------------------- /etc/shorewall/interfaces net eth0 detect routefilter,tcpflags,blacklist loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Hi, I''ve upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz I followed the instructions for upgrade and got a warning when running shorewall check on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" while that has changed to DropNotSyn . I manually copied over action.DROP from the source tree. Question: Are there more files to check ? Even though I get no warnings running shorewall check ? Do I have to be worried about the upgrade not being succesful ? thanks, Peter

...ain (plus AllowPing) which I personally like). # # Shorewall 2.0 /etc/shorewall/actions.std # # DropBcast #Silently Drops Broadcast Traffic DropSMB #Silently Drops Microsoft SMB Traffic RejectSMB #Silently Reject Microsoft SMB Traffic DropUPnP #Silently Drop UPnP Probes DropNonSyn #Silently Drop Non-syn TCP packets RejectAuth #Silently Reject Auth DropPing #Silently Drop Ping AllowPing #Accept Ping Drop:DROP #Common rules for DROP policy Reject:REJECT #Common Action for Reject policy #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE...

...''#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + echo ''Pre-processing Actions...'' Pre-processing Actions... + process_actions1 + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP'' + USEDACTIONS= + strip_file actions + local fname + ''['' 1 = 1 '']'' ++ find_file actions ++ local saveifs= directory ++ case $1 in ++ ''['' -n ''...

...h all -- * * 0.0.0.0/0 0.0.0.0/0 576K 59M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 384K 19M DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 7 626 DROP udp -- * * 0.0.0.0/0 0...

...h all -- * * 0.0.0.0/0 0.0.0.0/0 576K 59M dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 384K 19M DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0 367K 18M DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 7 626 DROP udp -- * * 0.0.0.0/0 0...

Good day to all. I don''t like to Post unless I am really stuck. Guess what? Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled). All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine

...0.0.0.0/0 0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 dropNonSyn all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP...