search for: dropnotsyn

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

...LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE'' + read first rest + cut -d# -f1 + grep -v ''^[[:space:]]*$'' + echo ''Pre-processing Actions...'' Pre-processing Actions... + process_actions1 + ACTIONS=''dropBcast allowBcast dropNonSyn dropNotSyn rejNotSyn dropInvalid allowInvalid allowinUPnP allowoutUPnP forwardUPnP'' + USEDACTIONS= + strip_file actions + local fname + ''['' 1 = 1 '']'' ++ find_file actions ++ local saveifs= directory ++ case $1 in ++ ''['' -n '''' -a...

Hi, I''ve upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz I followed the instructions for upgrade and got a warning when running shorewall check on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" while that has changed to DropNotSyn . I manually copied over action.DROP from the source tree. Question: Are there more files to check ? Even though I get no warnings running shorewall check ? Do I have to be worried about the upgrade not being succesful ? thanks, Peter

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja

...Accept Source Routing... Setting up SYN Flood Protection... Setting up IPSEC management... Setting up Rules... Setting up Tunnels... Setting up Actions... Creating action chain Drop Creating action chain Reject Creating action chain dropBcast Creating action chain dropInvalid Creating action chain dropNotSyn Applying Policies... Setting up Masquerading/SNAT... Activating Rules... done. see attached file for /sbin/shorewall dump > /tmp/status.txt I really do hope I can receive some extra help with this If there is anything else I can submit to help trouble shoot with me, please let me know....

...-- * * 0.0.0.0/0 0.0.0.0/0 0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP udp -- * * 0.0....

...all -- * * 0.0.0.0/0 0.0.0.0/0 60 8508 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 60 8508 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP udp -- * * 0.0.0.0/0 0...

...Rule "REJECT loc net:213.228.128.64 tcp 25" added. Processing Actions... Processing /usr/share/shorewall/action.Drop... Rule "RejectAuth" added. Rule "dropBcast" added. Rule "DropSMB" added. Rule "DropUPnP" added. Rule "dropNotSyn" added. Rule "DropDNSrep" added. Processing /usr/share/shorewall/action.Reject... Rule "RejectAuth" added. Rule "dropBcast" added. Rule "RejectSMB" added. Rule "DropUPnP" added. Rule "dropNotSyn" added. Rul...

...10000" checked. Validating Actions... Processing /usr/share/shorewall/action.Drop... Rule "RejectAuth" checked. Rule "dropBcast" checked. Rule "dropInvalid" checked. Rule "DropSMB" checked. Rule "DropUPnP" checked. Rule "dropNotSyn" checked. Rule "DropDNSrep" checked. Processing /usr/share/shorewall/action.Reject... Rule "RejectAuth" checked. Rule "dropBcast" checked. Rule "dropInvalid" checked. Rule "RejectSMB" checked. Rule "DropUPnP" checked...

...ded. Rule "ACCEPT net fw tcp 26" added. Processing Actions... Processing /usr/share/shorewall/action.Drop... Rule "RejectAuth" added. Rule "dropBcast" added. Rule "dropInvalid" added. Rule "DropSMB" added. Rule "DropUPnP" added. Rule "dropNotSyn" added. Rule "DropDNSrep" added. Processing /usr/share/shorewall/action.Reject... Rule "RejectAuth" added. Rule "dropBcast" added. Rule "dropInvalid" added. Rule "RejectSMB" added. Rule "DropUPnP" added. Rule "dropNotSyn" ad...

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

...] :tcpost - [0:0] :tcpre - [0:0] -A PREROUTING -j tcpre -A FORWARD -j tcfor -A OUTPUT -j tcout -A POSTROUTING -j tcpost COMMIT *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :Drop - [0:0] :Reject - [0:0] :all2all - [0:0] :blacklst - [0:0] :dropBcast - [0:0] :dropInvalid - [0:0] :dropNotSyn - [0:0] :dynamic - [0:0] :eth0_fwd - [0:0] :eth0_in - [0:0] :eth0_out - [0:0] :fw2wan - [0:0] :logdrop - [0:0] :logflags - [0:0] :logreject - [0:0] :reject - [0:0] :smurfs - [0:0] :tcpflags - [0:0] :wan2fw - [0:0] -A INPUT -i eth0 -j eth0_in -A INPUT -i lo -j ACCEPT -A INPUT -j Drop -A INPUT -j DRO...

...0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT...

...0.0.0.0/0 43 2140 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 43 2140 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 29 1464 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 29 1464 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0 28 1424 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP...

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list

...81 4164 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0 81 4164 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 AllowICMPs icmp -- * * 0.0.0.0/0 0.0.0.0/0 81 4164 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 81 4164 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 81 4164 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 81 4164 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 79 4084 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 Chain DropSMB (1 references) pkts bytes target prot opt in out source destinatio...

...-- * * 0.0.0.0/0 0.0.0.0/0 60 3060 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 60 3060 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 14 672 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 14 672 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0 14 672 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP udp -- * * 0.0...

...ll -- * * 0.0.0.0/0 0.0.0.0/0 189 26286 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP udp -- * * 0.0.0.0/0...

...all -- * * 0.0.0.0/0 0.0.0.0/0 321 18582 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0 134 8110 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0 111 7008 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0 111 7008 dropNotSyn all -- * * 0.0.0.0/0 0.0.0.0/0 102 6648 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0 Chain DropDNSrep (2 references) pkts bytes target prot opt in out source destination 0 0 DROP udp -- * * 0.0.0.0/0 0...