Displaying 20 results from an estimated 27 matches for "logunclean".
2003 Aug 23
2
Warning of upcoming removal of ''logunclean'' and ''dropunclean'' interface options.
Harald Welte just announced that the 2.6 Kernels will not support the
''unclean'' match extension except via Patch-O-Matic.
Since I have a polciy of not supporting Netfilter features that are only
available in P-O-M, I will be removing the ''logunclean'' and ''dropunclean''
interface options from Shorewall.
In 1.4.7, a warning will be issued if these options are specified. In a
later release, the warning will be replaced with an error and the code to
create ''unclean'' match rules will be removed.
-Tom...
2003 Jul 26
3
Snapshot 1.4.6_20030726
http://shorewall.net/pub/shorewall/Snapshots
ftp://shorewall.net/pub/shorewall/Snapshots
Problems Corrected since version 1.4.6:
1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was
being tested before it was set.
2) Corrected handling of MAC addresses in the SOURCE column of the
tcrules file. Previously, these addresses resulted in an invalid
iptables command.
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2004 Jul 23
4
shorewall 2.0.3a, (ULOG) doesn''t log anything
...it so it logs on
/var/log/ulog.log
2) I''ve modified each appearance of "info" to "ULOG" in my config
st3:/etc/shorewall# grep ULOG *
policy:net all REJECT ULOG
policy:all all REJECT ULOG
shorewall.conf:LOGUNCLEAN=ULOG
What''s going on here?
btw, when I run "shorewall check" I got a msg telling me that it''s
deprecated. what should I use instead?
2003 Feb 25
2
Unclean packets
Hello,
If I set my network interface to have "logunclean" along with
"dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to
http://welcome.hp.com/country/us/eng/support.htm and choose any of the
product I get this.
logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00
SRC=192.151.11.205 DST=24.24.243.178 LEN=...
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0
and 1.3.1. In both versions, where an interface option appears on multiple
interfaces, the option may only be applied to the first interface on which
it appears.
A corrected firewall script for 1.3.1 is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
and
2004 Nov 27
12
New User on FC3
I am a new user of shorewall, and am having some difficulty getting it set up on a
new Fedora Core 3 system. When I run the shorewall script in the /etc/init.d the
following errror message is received.
tarting shorewall: ./shorewall: line 26: 10555 Terminated $exec start
>/dev/null 2>&1
[FAILED]
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
...39;'
+ do_initialize
+ export LC_ALL=C
+ LC_ALL=C
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ terminator=startup_error
+ version=
+ FW=
+ SUBSYSLOCK=
+ STATEDIR=
+ ALLOWRELATED=Yes
+ LOGRATE=
+ LOGBURST=
+ LOGPARMS=
+ ADD_IP_ALIASES=
+ ADD_SNAT_ALIASES=
+ TC_ENABLED=
+ LOGUNCLEAN=
+ BLACKLIST_DISPOSITION=
+ BLACKLIST_LOGLEVEL=
+ CLAMPMSS=
+ ROUTE_FILTER=
+ NAT_BEFORE_RULES=
+ DETECT_DNAT_IPADDRS=
+ MUTEX_TIMEOUT=
+ NEWNOTSYN=
+ LOGNEWNOTSYN=
+ FORWARDPING=
+ MACLIST_DISPOSITION=
+ MACLIST_LOG_LEVEL=
+ TCP_FLAGS_DISPOSITION=
+ TCP_FLAGS_LOG_LEVEL=
+ RFC1918_LOG_LEVEL=
+ MARK...
2003 Oct 21
0
Shorewall 1.4.7a
...y caused "shorewall start" to fail:
ACCEPT loc $FW icmp 0,8,11,12
3) Previously, if the following error message was issued, Shorewall
was left in an inconsistent state.
Error: Unable to determine the routes routes through interface xxx
4) Handling of the LOGUNCLEAN option in shorewall.conf has been
corrected.
5) In Shorewall 1.4.2, an optimization was added. This optimization
involved creating a chain named "<zone>_frwd" for most zones
defined using the /etc/shorewall/hosts file. It has since been
discovered that in many cases th...
2003 Oct 02
2
Shorewall 1.4.7 RC2
...r if neither of these two files
exist and correctly removes the lock file.
4) The order of processing the various options has been changed such
that blacklist entries now take precedence over the ''dhcp''
interface setting.
5) The log message generated from the ''logunclean'' interface option
has been changed to reflect a disposition of LOG rather than DROP.
6) The RFC1918 file has been updated to reflect recent IANA
allocations.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washingt...
2003 Mar 11
0
Shorewall 1.3.14a
...ile that reflects the resent allocation
of 222.0.0.0/8 and 223.0.0.0/8.
* The documentation for the routestopped file claimed that a
comma-separated list could appear in the second column while the code only
supported a single host or network address.
* Log messages produced by ''logunclean'', ''dropunclean'' and
''LOGNEWNOTSYN'' were not rate-limited.
* 802.11b devices with names of the form wlan<n> don''t support the
''maclist'' interface option.
* Log messages generated by RFC 1918 filtering are not rat...
2002 Jun 17
0
Another 1.3.x Bug
Another bug with similar symptoms to the last one has been found by Renato
Tirol.
The bug fixed by the earlier errata update affects the following options:
dhcp
dropunclean
logunclean
norfc1918
routefilter
multi
filterping
noping
The bug reported by Renato and fixed in the current errata update affects:
routestopped
The new update is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
ftp://ftp.shorewall.net/pub/shorewall/errata/1.3.1/firewall...
2004 Feb 10
1
Preparing for Shorewall 2.0
...ill ease the migration when the time comes.
a) Shorewall 2.0 doesn''t allow you to specify rate limiting in the ACTION
column (e.g., ACCEPT<10/sec:40>) so you will need to move all rate limiting
specifications over to the RATE LIMIT column.
b) The "dropunclean" and "logunclean" interface options are no longer
supported on 2.0 so you should remove them from the OPTIONS column in
/etc/shorewall/interfaces.
c) The Default value for the ALL INTERFACES column in /etc/shorewall/nat
switches from "Yes" to "No". So if that column is empty in any of y...
2003 Oct 06
2
Shorewall 1.4.7
...neither of these two files
exist and correctly removes the lock file.
16) The order of processing the various options has been changed such
that blacklist entries now take precedence over the ''dhcp''
interface setting.
17) The log message generated from the ''logunclean'' interface option
has been changed to reflect a disposition of LOG rather than DROP.
18) When a user name and/or a group name was specified in the USER SET
column and the destination zone was qualified with a IP address,
the user and/or group name was not being used to qualify...
2003 Oct 30
0
Shorewall 1.4.8 RC1
...ACCEPT loc $FW icmp 0,8,11,12
3. Previously, if the following error message was issued, Shorewall
was left in an inconsistent state.
Error: Unable to determine the routes through interface xxx
4. Handling of the LOGUNCLEAN option in shorewall.conf has been
corrected.
5. In Shorewall 1.4.2, an optimization was added. This optimization
involved creating a chain named "<zone>_frwd" for most zones
defined using the /etc/shorewall/hosts file. It has since been
discovere...
2004 Nov 04
0
Preparing for Shorewall 2.2
...--------------------------------------
a) Shorewall 2.0 and 2.2 don''t allow you to specify rate limiting in the ACTION
column (e.g., ACCEPT<10/sec:40>) so you will need to move all rate limiting
specifications over to the RATE LIMIT column.
b) The "dropunclean" and "logunclean" interface options are no longer
supported on 2.0 and 2.2 so you should remove them from the OPTIONS column in
/etc/shorewall/interfaces.
c) The Default value for the ALL INTERFACES column in /etc/shorewall/nat
switches from "Yes" to "No". So if that column is empty in...
2003 Mar 21
1
Shorewall config format
Hi,
I''m a long time shorewall user and I like it very much. There is only
one thing were I''m not always happy with: the config files.
There has been discussion on the list about the comments in the files.
My concern is that I loose overview over my configuration because of the
many config files. Of course there are advantages too but I thinking
wether another config format would
2003 Nov 07
0
Shorewall 1.4.8
...t previously caused "shorewall start" to fail:
ACCEPT loc $FW icmp 0,8,11,12
3) Previously, if the following error message was issued, Shorewall
was left in an inconsistent state.
Error: Unable to determine the routes through interface xxx
4) Handling of the LOGUNCLEAN option in shorewall.conf has been
corrected.
5) In Shorewall 1.4.2, an optimization was added. This optimization
involved creating a chain named "<zone>_frwd" for most zones
defined using the /etc/shorewall/hosts file. It has since been
discovered that in many cases the...
2002 May 14
4
Redirect loc::80 to fw::3128 not work
...$FW net udp ntp
#[/etc/shorewall/shorewall.conf]--------------------------------------------
---
FW=fw
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
ALLOWRELATED="yes"
MODULESDIR=""
LOGRATE="1/minute"
LOGBURST="5"
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="Yes"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMSS="Yes"
ROUTE_F...