Displaying 7 results from an estimated 7 matches for "fireparse".
2003 May 21
1
Call for Testers of Shorewall/Fireparse (take 2)
The version of Shorewall in the \Shorewall CVS project has my next attempt
at Fireparse integration.
a) The LOGMARKER variable is gone and is replaced with LOGFORMAT
b) LOGFORMAT contains a printf (1) formatting template that accepts three
arguments:
1) The Chain Name
2) The Logging Rule Number within Chain
3) The disposition of the packet (DROP,REJECT,ACCEPT)
c) To use Shorewa...
2003 May 18
0
Shorewall 1.4.3
...the rule that drops status=INVALID
packets. This ensures that all loopback traffic is allowed even if
Netfilter connection tracking is confused.
New Features:
1) IPV6-IPV4 (6to4) tunnels are now supported in the
/etc/shorewall/tunnels file.
2) Shorewall can now be easily integrated with fireparse
(http://www.fireparse.com) by setting LOGMARKER="fp=" in
/etc/shorewall/shorewall.conf. Note: You may not use ULOG
with fireparse unless you modify fireparse.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teas...
2003 May 23
0
Shorewall 1.4.4
Given that there are new features and there are external changes to get
around the Fireparse fiasco, I have called this release 1.4.4 rather than
1.4.3b.
Problems Corrected:
None.
New Features:
1) A REDIRECT- rule target has been added. This target behaves for
REDIRECT in the same way as DNAT- does for DNAT in that the
Netfilter nat table REDIRECT rule is added but not the comp...
2003 May 27
0
Shorewall 1.4.4a
The Fireparse --log-prefix fiasco continues.
Version 1.4.4a omits the logging rule number if the LOGFORMAT value does
not contain '%d'. The default value of LOGFORMAT is then changed to
"Shorewall:%s:%s:" so that the maximum length of a short zone name is once
again back at 5.
-T...
2003 May 26
2
minor problem with shorewall-1.4.4
I found a minor problem in the new logging system.
The new logging system effectively limits zone names to 4 characters. If you
have a REJECT policy between 2 zones which are 5 characters long, here for
example the ipsec zone, iptables will give an error because logprefix is
limited to 29 characters.
--log-prefix "Shorewall:ipsec2ipsec:1:REJECT:"
So zone names should be limited to 4 characters or
2006 Dec 18
2
creating script for init.d
Hello.
I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!!
Three years ago, I wrote some scripts (network related) and they worked very well.
Now, I can put them into init.d by means of chkconfig and I restarted the system,
but it always hangs when executing my script (in my new CentOS 4.4).
Is there a manual for making scripts for init.d?
there is some new requirement by which it does not
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there.
I'm reading and reading through the doc's and previous posts, but cannot
seem to find what I'm looking for. I want to create a rule that prevents DoS
and maybe even DDoS attacks against a specific port. The current rule looks
like this (the PORT's and IP's are dummies of course):
#ACTION SOURCE DEST