search for: initdon

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

...9;m building the tc hierarchy manually with the tcstart script. I also need to add custom iptables rules in the mangle table to classify the packets. Currently I''m using started to insert the iptables commands, but that''s way too late in the process. I tried putting them into the initdone file, but it''s trying to parse that and doesn''t like. Should I be bundling these iptables entries into the tcstart script then? Thanks for any advice -- lee (shorewall dump not attached as it''s (embarrassingly) too big for the mailing list) (attached tcstart and start...

..... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Deleting user chains... Setting up Accounting... Creating Interface Chains... Configuring Proxy ARP Setting up NAT... Setting up NETMAP... Adding Common Rules Processing /etc/shorewall/initdone ... IP Forwarding Enabled Processing /etc/shorewall/tunnels... Processing /etc/shorewall/ipsec... Processing /etc/shorewall/rules... Rule "ACCEPT:ULOG fw loc icmp" added. Rule "ACCEPT:ULOG all fw tcp 22" added. Rule "ACCEPT:ULOG all fw tcp 22" added. R...

Hi, My main gateway is a router running on OpenWrt Barrier Breaker r37816/ Kernel Version3.10.4. I installed shorewall-lite from openwrt''s repo using opkg but while trying to start shorewall-lite I get the folowing errors: The first error i got was "scp: /var/lib/shorewall-lite: No such file or directory" simply resolved by making the folder "shorewall-lite"

...he addition of an ''initialized'' extension script that can be used to run commands contained in the ''common'' script under Shorewall 1.x but that have nothing to do with the ''common'' chain. I''ve decided to call the new script ''initdone'' rather than ''initialized'' because I think that the new name goes better with the existing ''init'' script. This change is in CVS. Sorry for any convenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline,...

>> Only one remark. Information about 'init' file i found only in >> releasenotes.txt for 4.1.6 (for setting up 'ifb' module) and i found >> 'initdone' file in Shorewall config directory and without manfile also. >> For me not very clearly as it use. > > http://www.shorewall.net/shorewall_extension_scripts.htm On this page i found a little dissonance between description list of scripts at the begin and table for Shorewall-p...

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and

...Zone: eth1:0.0.0.0/0 wlan_net Zone: eth2:0.0.0.0/0 Processing /etc/shorewall/init ... Pre-processing Actions... Deleting user chains... Setting up Accounting... Creating Interface Chains... Configuring Proxy ARP Setting up NAT... Setting up NETMAP... Adding Common Rules Processing /etc/shorewall/initdone ... Setting up Kernel Route Filtering... IP Forwarding Enabled Processing /etc/shorewall/tunnels... Processing /etc/shorewall/ipsec... Processing /etc/shorewall/rules... Processing Actions... Generating Transitive Closure of Used-action List... Processing /etc/shorewall/policy... Policy ACCE...

I''m havign a HUGE amount of difficulty getting shoreline to work with LVS. We use it here constantly so we know it works. The problem is packets come in, get directed to a webserver, webserver returns the packet to firewall, and then it goes into a black hole. rp_filter is off globally on all interfaces. LVS seems to be working right.... I use shorewall tcrules to mark packets on

...ewall 1.4.x to Shorewall 2.2.0. You will only have to make changes after the upgrade if: a) You have created an /etc/shorewall/common file for reasons other than dropping SMB traffic rather than rejecting it. In that case, you will need to rename your /etc/shorewall/common file to /etc/shorewall/initdone and remove all references to the ''common'' chain. b) You have defined User Sets in /etc/shorewall/usersets. You will need to convert to using User-defined actions that control connections based on the effective user-id and/or group-id of the firewall-resident application making...

...x to Shorewall 2.2.0. You will only have to make changes after the upgrade if: a) You have created an /etc/shorewall/common file for reasons other than dropping SMB traffic rather than rejecting it. In that case, you will need to rename your /etc/shorewall/common file to /etc/shorewall/initdone and remove all references to the ''common'' chain. b) You have defined User Sets in /etc/shorewall/usersets. You will need to convert to using User-defined actions that control connections based on the effective user-id and/or group-id of the firewall-resident app...

...: /etc/shorewall/accounting: (not configured) /etc/shorewall/actions: (not configured) /etc/shorewall/blacklist Several IP''s blacklisted''s. /etc/shorewall/ecn: (not configured) /etc/shorewall/hosts: (not configured) /etc/shorewall/init: (not configured) /etc/shorewall/initdone: (not configured) /etc/shorewall/interfaces: net eth1 detect routerfilter,norfc1918,logmartians,nosmurfs,tcpflags,blacklist loc eth0 detect tcpflags /etc/shorewall/ipsec: (not configured) /etc/shorewall/ipsecvpn: (not configured) /etc/shorewall/maclist: (not configured) /etc/shorewall/ma...

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

...s... Net Zone: eth2:0.0.0.0/0 Local Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0 Processing /etc/shorewall/init ... Deleting user chains... Setting up Accounting... Creating Interface Chains... Configuring Proxy ARP Setting up NAT... Setting up NETMAP... Adding Common Rules Processing /etc/shorewall/initdone ... Adding rules for DHCP Enabling RFC1918 Filtering Setting up Kernel Route Filtering... IP Forwarding Enabled Processing /etc/shorewall/tunnels... Pre-processing Actions... Pre-processing /usr/share/shorewall/action.DropSMB... Pre-processing /usr/share/shorewall/action.RejectSMB... P...

...Net Zone: eth0:0.0.0.0/0 Warning: Zone loc is empty Warning: Zone dmz is empty Processing /etc/shorewall/init ... Deleting user chains... Setting up Accounting... Creating Interface Chains... Configuring Proxy ARP Setting up NAT... Setting up NETMAP... Adding Common Rules Processing /etc/shorewall/initdone ... Setting up Blacklisting... Blacklisting enabled on eth0:0.0.0.0/0 Adding Anti-smurf Rules Enabling RFC1918 Filtering Enabling Bogon Filtering Setting up Kernel Route Filtering... IP Forwarding Disabled! Processing /etc/shorewall/tunnels... Pre-processing Actions... Pre-processing /usr/share/sh...

I have a couple of firewalls that are rather complicated - one has 21 interfaces, and the other has about 50 (there''s some heavy use of 802.1q, they only have half a dozen network cards). They work okay, but - compiling the rules takes a long time even on the faster servers, and restarting shorewall-lite takes between 5 and 10 minutes (during which time, only the routestopped stuff will

hi, it''d be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don''t know than it''s a problem... another problem that currently it''s not possible to log the nat table. at least i can''t find any way (can''t add logging into masq and

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

...ing Macro /usr/share/shorewall/macro.SMB... ..End Macro /usr/share/shorewall/macro.SMB Compiling /etc/shorewall/policy... Policy for fw to wan is ACCEPT using chain fw2wan Policy for fw to wan is DROP using chain all2all Policy for wan to fw is DROP using chain all2all Processing /etc/shorewall/initdone... Blacklisting enabled on eth0:0.0.0.0/0 Compiling TCP Flags filtering... Compiling Kernel Route Filtering... Compiling Martian Logging... Compiling MAC Filtration -- Phase 1... Compiling MAC Verification for -- Phase 1... Compiling /etc/shorewall/rules... Rule "ACCEPT wan fw tcp imap,im...