search for: eneotecnologia

...a great number of zones and rules, so I have had to add a new configuration variable POLICY_ACCEPT_STARTING. If it is set to ''Yes'', then DROP default policy will be added at the end of compilling period. Regards. cheer up, Tom! -- Juan Jes?s Prieto - Consultor?a TI jjprieto@eneotecnologia.com http://www.eneotecnologia.com --------------------------------------- fingerprint: BFC2 0370 7708 F800 0BEC 60A4 EC71 4BB1 CC85 99F5 http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xCC8599F5

Hi Tom and folks, There are some svn or cvs system for the shorewall-dev community?. If Tom want to leave the project for a while, maybe it will be necesary some cooperation system. Regards. -- Juan Jes?s Prieto - Consultor?a TI jjprieto@eneotecnologia.com http://www.eneotecnologia.com --------------------------------------- fingerprint: BFC2 0370 7708 F800 0BEC 60A4 EC71 4BB1 CC85 99F5 http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xCC8599F5

...performance and know it reachs a limit around 500 rules and then starts degradating, but also know shorewall makes a great job dividing the rules in such a way the traffic doesnt need to pass all of them. Any clue? Any advice. We will be VERY appreciated. Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

...make a general filter rule for p2p traffic. I want to improve this part of shorewall but I dont know where to locate the ipp2p rule or what kind of strategy to follow. Note: I have maked some test with ipp2p and ethereal to detect this situation. -- Juan Jes?s Prieto - Consultor?a TI jjprieto@eneotecnologia.com http://www.eneotecnologia.com --------------------------------------- fingerprint: BFC2 0370 7708 F800 0BEC 60A4 EC71 4BB1 CC85 99F5 http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xCC8599F5

Hi list, I''m using Dom0 gentoo with xen 3.0.4 and xenman. I have several DomU working and it is really nice :) so all my DomUs are installed with disk images. Now i want to use an ISO to boot and install a linux system (or win). When i try to boot the DomU i dont have nothing, nothing relevant (for me) in logs and i can connect to the console. The state of the DomU is unknow. Any help

...Anybody has configured a Shorewall firewall to protect Citrix servers? Could you give us some clue on the rules you have to define? Citrix opens a connection from the inside to the outside from a different port (more or less like ftp) and seems not works. Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

...have just discovered this great project. It seems it surpasses standard netfilter in performance. The documentation states they are more or less compatible with standard netfilter, but anybody has tested if it is compatible with shorewall? Tom, have you? Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

...ll configurations/hardware. We have discovered hping that seems a great tool for this, but funny enough Shorewall cuts it !!! even when you leave ports open :) So besides hping, any tool for this? Why is shorewall cutting this traffic? Thanks in advance. Regards. -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

...d to pass trough the firewall, will dropping it on eth0 solve the problem? (That way there is no way the packets enter into other ethernet ports) What would happen with other multicast based apps? Would they need to be dropped too? Very thankful in advance. Regards. -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

...checking is done after all the rules involving from this zone to this zone. As you could have a lot of them, wont be better to place them just after checking the state is not invalid? This will mean a lot of packages will be accepted or rejected much faster. Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

I believe that 2.4.0 is about ready to be sent out the door. I''ve made a couple of small changes since RC2 but I don''t believe that they warrant another RC. There remains the issue of what to do about support for Shorewall 2.0 given that 2.2 has only been available since March. It would be my recommendation to make 2.4 the new "stable" release but continue to

...? Any ideas? Does it work with kernel 2.4? And of course, can it be managed with shorewall? :))) Bear in mind I''m not talking about ISP redundancy but the firewall itself, if possible set as an active/active failover solution. Thanks in advance. Regards. -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

Is anyone using an inline IDS like hogwash or snort-inline to drop packets in a system running shoreline? I _think_ I see how to configure it, but I''d be really interested in finding a howto or something... Thanks! Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

I made an atempt to run snort_inline and shorewall on the same system but I could not get snort to see the packets. Maybe someone with a little more iptables knowledge could tell me what I''m doing wrong or if its possible to have the systems setup so that it places packets that the firewall would allow into QUEUE. After setting up and starting shorewall I then issue the following

Hi I''m currently setting up a game server and have opened all ports needed to run it. What other options do I have regarding protecting the open ports? I''m worried about people attacking the open ports to render the server useless. Any help or advice would be appreciated. Thank you. Recoil UK

Hi everyone, I see that shorewall has "ratelimit" but i''m interested in deny conexions by number of them, not by number/sec. Is connlimit feature supported by shorewall? Or maybe someone have an extraofficial patch for them? Regards, Angel Mieres ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT