search for: fw

...------ next part -------------- ############################################################################## #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL # PORT PORT(S) DEST # # Accept DNS connections from the firewall to the network # ACCEPT fw net tcp 53 ACCEPT fw net udp 53 # #Accept DNS connections local to firewall ACCEPT loc fw tcp 53 ACCEPT fw loc tcp 53 #Allows webserver traffic from internet to fw #ACCEPT...

...addresses with PHP scripts, I can`t get who is host, only numbers.... POP3 work fine.... In shorewall.conf I have: IP_FORWARDING=Off ROUTE_FILTER=Yes In "/etc/shorewall/interfaces": net eth0 detect norfc1918,nobogons,blacklist,nosmurfs In "/etc/shorewall/rules": ACCEPT net fw icmp 8 ACCEPT net fw tcp 20 ACCEPT net fw tcp 21 ACCEPT net fw tcp 22 ACCEPT net fw tcp 25 ACCEPT net fw tcp 53 ACCEPT net fw udp 53 ACCEPT net fw tcp 80 ACCEPT net fw tcp 110 ACCEPT net fw tcp 143 ACCEPT net fw tcp 443 ACCEPT net fw tcp 465 ACCEPT net fw tcp 993 ACCEPT net fw tcp 995 ACCEPT net fw...

...from the internet. Isn`t it possible to configure shorewall only for the wan interface and let the lan interface untouched from shorewall/iptables? Is there a simple rule/policy to allow all access f- policiy loc net ACCEPT loc all ACCEPT fw loc ACCEPT loc fw ACCEPT fw net ACCEPT net all DROP info all all REJECT info - rules ACCEPT net fw udp 22,143,25,20,21,10000,2...

...ll. I''m getting this blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file has: ACCEPT net fw udp 53 - ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,143,10000 - ACCEPT masq fw udp 53 - ACCEPT masq fw tcp 80,443,53,22,20,21,25,109,110,143,10000 - ACCEPT loc fw udp 53 - ACCEPT loc fw tcp 80,443,53,22...

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

I try to do ping between my local network and Internet and i can''t do it, in my policy I have: loc net ACCEPT info loc fw ACCEPT loc dmz ACCEPT info fw loc ACCEPT fw net ACCEPT info fw dmz ACCEPT info dmz net ACCEPT...

...ow 192.168.99.2 dev tun0 proto kernel scope link src 192.168.99.1 192.168.100.0/24 dev eth1 scope link 192.168.101.0/24 via 192.168.99.1 dev tun0 scope link 200.71.42.0/24 dev eth0 scope link 127.0.0.0/8 dev lo scope link default via 200.71.42.100 dev eth0 ---------------- Our policy file: fw loc ACCEPT loc fw DROP info #fw net DROP info fw net ACCEPT loc net DROP info loc vpn ACCEPT vpn loc...

...ine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way it is for now). I am also running dnsmasq on the firewall. Everything works fine (LOC<->NET, LOC<->FW, DMZ<->FW, DMZ<->NET). I now want to be able to set up Samba on a DMZ machine, but machines in the local network can''t see the DMZ''s 192.168.11.0 block. Here are my shorewall conf files. I''m not sure what other information I need to provide, so let me kn...

...ables -V iptables v1.2.11 /etc/shorewall/policy ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net ACCEPT # If you want open access to the Internet from your Firewall # remove the comment from the following line. #fw net ACCEPT net all DROP $LOG # THE FOLLOWING POLICY MUST BE LAST all all REJECT $LOG #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE /etc/shorewall/rules #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/...

...er a while, I started missing the regular logcheck messages. It turned out that any mail originating on the firewall and directed to a local-to-the-firewall address, was rejected with a "Connection refused" message. The relevant rules for SMTP # # SMTP ACCEPT loc fw tcp 25 ACCEPT loc fw tcp 465 ACCEPT loc net tcp 25 ACCEPT loc net tcp 465 ACCEPT net fw tcp 25 ACCEPT net fw...

...LAN with ISP1''s LAN with ISP2''s IP addr. range IP addr. range Thats it :-). Every packet from eth2 should go to ISP1 via eth0 and the same is for eth3-eth1 pair. Very simple. My question is: when I''m trying to define rules for packets arriving to fw itself from ISP1 or ISP2, what should I write as "fw" in /etc/shorewall/rules file? Say, I''d like to accept all packets to fw''s port 80 which are coming from ISP1 and the same I''d like for eth1. What is the meaning of "fw" in that case? Since there are...

Hi, Can U tell me the Vonage ATA 186 settings? I would like to try to have a web interface on my adapter :-)) Best regards, Chris Hariga

...but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the transparent proxy # GPL 2.0 or later (C) 2004 Johannes Martin <jmartin@notamusica.com> # 1. do not redirect http requests to localhost case $MASQMETHOD in ipfwadm) $IPFWADM -I -a accept -P tcp -D localhost 80 ;; ipchains) $IPCHAINS -A input -p tcp -d localhost 80 -j ACCEPT ;; netfilter) $IPTABLES -A INPUT -p tcp -d localhost --dport 80 -j ACCEPT ;; esac # 2. do not redirect http request to hosts on the local network for i in $INTE...

...oxy'' # The two "ACCEPT" rules explicitly permit user ''proxy'' to # connect to the Privoxy server and to the internet. # The two "DROP" rules prevent all other connections to # internal port 8118 or to external port 80. # The "ACCEPT fw fw" rule accepts all other internal trafic. # I think this is a bug in SHORWALL--without this line # all other internal traffic is blocked! ACCEPT fw net tcp 80 - - - proxy ACCEPT fw fw tcp 8118 - - - proxy DROP fw fw tcp 8118 DROP fw net tcp 80 ACCEPT fw fw The "bug" is...

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH net fw I have setup the "two interface example" with modifications: Eth1 is the interface connected to adsl (ppp0) and eth0 the interface connected to LAN. (I tried t...

I have the problem when my localnetwork do telnet to the net Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 my files are the following: policy #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net CONTINUE info loc fw ACCEPT info loc loc ACCEPT loc dmz ACCEPT info fw loc ACCEPT info fw fw ACCEPT info fw net ACCEPT info fw dmz AC...

We are using Shorewall 2.0.8 with SuSE 9.1 and have built a bridging firewall primarily to defend against syn flood and smurf DoS attacks. We are a small ISP using Cisco routers for a total of 5-6 subnets. Since bridges are based on use of MAC addresses, if we could use one bridging firewall system instead of 5-6 ... is this possible? practical? (Other than introducing a single point of failure

...necessarily clearly show what was done > incorrectly. > > It is probably not a rule problem, but rather a zone problem. Also > state if SSH works when the firewall is disabled. > Yup Kevin, thanks for helping. As you can see the problem is fixed (and the SSH worked with both the fw open but also when I accepted SSH from the Net zone) but I still would like to learn a little with all of your help. Here are my config files and I hope you can all suggest better ways of doing what I want (basically my FW is a standalone machine which gets a DHCP address and I want this machine...

...sertions(+), 5 deletions(-) diff --git a/drm/nouveau/nvkm/engine/gr/gf100.c b/drm/nouveau/nvkm/engine/gr/gf100.c index 157919c788e6..9e65adbab21c 100644 --- a/drm/nouveau/nvkm/engine/gr/gf100.c +++ b/drm/nouveau/nvkm/engine/gr/gf100.c @@ -1756,24 +1756,70 @@ gf100_gr_ = { }; int +gf100_gr_ctor_fw_legacy(struct gf100_gr *gr, const char *fwname, + struct gf100_gr_fuc *fuc) +{ + struct nvkm_subdev *subdev = &gr->base.engine.subdev; + struct nvkm_device *device = subdev->device; + const struct firmware *fw; + char f[32]; + int ret; + + snprintf(f, sizeof(f), "nouveau/nv%02x_%s&...

...cc:59:6b:7a brd ff:ff:ff:ff:ff:ff inet 152.53.30.66/27 brd 152.53.30.95 scope global eth1 And my Rules: # #Redirect all locally-originating www connection requests to # port 3128 on the firewall (Squid running on the firewall # system) # REDIRECT loc 3128 tcp www - # # Accept from Internet to fw all www traffic ACCEPT fw net tcp www ############################################################################ ## #RESULT CLIENT(S) SERVER(S) PROTO PORT(S) CLIENT PORT(S) ADDRESS # # # To avoid connection delays, reject AUTH if the user hasn''t ACCEPTED it above # REJECT net fw tcp...