search for: maclist_disposition

> Yes -- just leave the setting of MACLIST_DISPOSITION=REJECT and any request > from interfaces with the ''maclist'' option will be rejected if there isn''t a > match found in the maclist file. I have wrote some IP''s and MAC''s from my network, for example : #INTERFACE MAC...

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP ADDRESSES (Optional) eth0 00:30:4F:19:73:0C...

Hi, I have a few problems with my shorewall configuration. First of all, the option maclist seems no to be recognized. I have this: ghostwheel /etc/shorewall # cat interfaces | grep -v ''^#'' - eth1 detect dhcp,tcpflags,routefilter loc eth0 detect tcpflags,maclist When I look at shorewall-init.log, I found out:

...ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + LOGUNCLEAN= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + NAT_BEFORE_RULES= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= + FORWARDPING= + MACLIST_DISPOSITION= + MACLIST_LOG_LEVEL= + TCP_FLAGS_DISPOSITION= + TCP_FLAGS_LOG_LEVEL= + RFC1918_LOG_LEVEL= + MARK_IN_FORWARD_CHAIN= + SHARED_DIR=/usr/share/shorewall + FUNCTIONS= + VERSION_FILE= + LOGFORMAT= + LOGRULENUMBERS= + stopping= + have_mutex= + masq_seq=1 + nonat_seq=1 + aliases_to_add= + TMP_DIR=/tmp/sho...

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=infointerfaces:#ZONE INTERFACE BROADCAST OPTIONSnet ppp0 217.96.90.242 nopingloc eth0 255.255.255.0 routestopped,maclistmaclist:#INTERFACE MAC IP ADDRESSES (Optional)eth0 00:30:4F:19:73:0C 192.168.1.2 eth0...

Hy, sorry for my poor english i think i''m having a very unusual problem and very dificult to track, but i''ll try to explain it as best as i can. here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0 ) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my

Hi, I''m a long time shorewall user and I like it very much. There is only one thing were I''m not always happy with: the config files. There has been discussion on the list about the comments in the files. My concern is that I loose overview over my configuration because of the many config files. Of course there are advantages too but I thinking wether another config format would

...P_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=No BLACKLISTNEWONLY=No MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP [root@hn00dmz01 root]# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 5: bond0: <BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc...

...T_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=Yes BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes RFC1918_STRICT=No MACLIST_TABLE=filter MACLIST_TTL= SAVE_IPSETS=No MAPOLDACTIONS=No FASTACCEPT=No BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP -- Matej -- ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSp...

...=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes DROPINVALID=Yes RFC1918_STRICT=No MACLIST_TTL= BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP /etc/shorewall/start: (not configured) /etc/shorewall/stop (not configured) /etc/shorewall/stopped: (not configured) /etc/shorewall/tcrules: (not configured) /etc/shorewall/tos: (not configured) /etc/shorewall/tunnel: (for defect) /etc/shorewall/tunnel...

...ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=yes ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP #LAST LINE -- DO NOT REMOVE START: ---------------------------------------------------------------------------- ------------------ run_iptables -I INPUT -i eth0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug run_iptables -I FORWARD -i eth0 -j LOG --log-prefi...

...PE=Yes RFC1918_STRICT=No MACLIST_TABLE=filter MACLIST_TTL= SAVE_IPSETS=No MAPOLDACTIONS=No FASTACCEPT=No IMPLICIT_CONTINUE=Yes HIGH_ROUTE_MARKS=No USE_ACTIONS=Yes OPTIMIZE=0 EXPORTPARAMS=Yes EXPAND_POLICIES=Yes KEEP_RT_TABLES=No DELETE_THEN_ADD=Yes MULTICAST=No DONT_LOAD= BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP #LAST LINE -- DO NOT REMOVE Now, I know that I could set up a wpad mechanism and make automatic configuration of my browsers. However I like the concept of transparent proxying and I''m interested where this problem in switching between port 80 on squid an...

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

...s ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=No ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP As you can see I have "info" set for most logging levels. My /etc/syslog.conf contains the following lines (among others of course): *.*;auth,authpriv.none /var/log/syslog kern.* /var/log/kern.log *.=info;*.=notice;*....

...OPTIMIZE_ACCOUNTING=No REQUIRE_INTERFACE=No RESTORE_DEFAULT_ROUTE=Yes RETAIN_ALIASES=No ROUTE_FILTER=No SAVE_IPSETS=No TC_ENABLED=No TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=No USE_DEFAULT_RT=No USE_PHYSICAL_NAMES=No ZONE2ZONE=2 BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT RELATED_DISPOSITION=ACCEPT SMURF_DISPOSITION=DROP SFILTER_DISPOSITION=DROP TCP_FLAGS_DISPOSITION=DROP TC_BITS= PROVIDER_BITS= PROVIDER_OFFSET= MASK_BITS= ZONE_BITS=0 IPSECFILE=zones ---------------------------------------------------------------------- /etc/shorewall/interfaces ------------...

I have what strikes me as an odd problem with shorewall. Let me describe my setup. My desktop (alfred) is connected to the network through an ADSL modem. I am running rp-pppoe, and this works perfectly. I have a small home network, with two LANs; an Ethernet LAN (including a machine running Windows XP), and a WiFi LAN, including the laptop (william) I am using now. All the computers except for

...DD_SNAT_ALIASES=no TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=Yes CLAMPMSS=No ROUTE_FILTER=No DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX= DISABLE_IPV6=Yes BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP ------------------------------------------------------ Where is the mistake ? JN

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

...DIR= + ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + LOGLIMIT= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + LOG_MARTIANS= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= + FORWARDPING= + MACLIST_DISPOSITION= + MACLIST_LOG_LEVEL= + TCP_FLAGS_DISPOSITION= + TCP_FLAGS_LOG_LEVEL= + RFC1918_LOG_LEVEL= + BOGON_LOG_LEVEL= + MARK_IN_FORWARD_CHAIN= + SHARED_DIR=/usr/share/shorewall + FUNCTIONS= + VERSION_FILE= + LOGFORMAT= + LOGRULENUMBERS= + ADMINISABSENTMINDED= + BLACKLISTNEWONLY= + MODULE_SUFFIX= + ACTIONS=...

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled