search for: paulgear

Displaying 20 results from an estimated 64 matches for "paulgear".

2004 Apr 24
0
Announce: shoregen 0.1.1 release
Hi folks, As requested earlier in the week, i''ve done some cleaning on my little script to manage shorewall configurations across multiple firewalls, and the results are available now. You can find a (rather banal) pointer at: http://paulgear.webhop.net/linux/#shoregen Download it at: http://paulgear.webhop.net/linux/RPMS/noarch/shoregen-0.1.1-1.noarch.rpm For you non-RPM types, i''ve also made a tarball at http://paulgear.webhop.net/linux/tarballs/shoregen-0.1.1.tar.gz I hope you find shoregen useful. I welcome your comment...
2006 Mar 02
4
The inaugural Shorewall survey!
...subscription to Zoomerang zPro is US$75.) If we raise sufficient funds to upgrade, these limits will not apply. Thanks to everyone who has beta tested this survey. Beta testers, please fill in this final version as well, so that we can collate all of the results in one place. -- Paul <http://paulgear.webhop.net> -- This message is signed with a GNU Privacy Guard cryptographic signature. If you are reading this message in a text attachment, it is because your email client does not support OpenPGP. Please consider upgrading to one of the secure alternatives from <http://mozilla.org/>.
2005 Jun 24
4
Chat servers?
Anyone know how/where we can get some? It has been raised before: http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013594.html I''d like to see an IRC or Jabber service for both support and development. -- Paul <http://paulgear.webhop.net> -- Did you know? OpenOffice.org has built-in PDF creation. Better yet, it''s compatible with Microsoft Office, and free! Find out more at <http://www.openoffice.org>. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Ty...
2005 Jun 24
13
Test environments?
...ing out Xen for this myself, but until then does anyone have a canned test host they''d be willing to let me use for a while? P.S. SourceForge still haven''t got around to moving our list, so we''ll have to keep going here for a while... Thanks in advance, Paul <http://paulgear.webhop.net> -- Did you know? Using accepted quoting conventions makes your email easier to understand. Learn how at <http://www.netmeister.org/news/learn2quote.html>. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-s...
2004 Apr 19
3
multiples firewall, rules repartitions
Hello, Usually when i''ve a hole to poke through firewalls, i have many hosts to update : workstation firewall, lan firewall, the other lan firewall, and the server behind the last firewall. all of them are managed with shorewall... Is there a smart way to update them all at once ? What you guys do on your firewalls ? thanks. -- xavier
2002 May 15
4
Your opinion please
The 1.2 firewall contains messy logic to support the old sample configurations in that any rule that contains "none" in any of its columns is ignored. I''m considering removing that messiness in 1.3 and seek the opinion of the list. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
2005 Jun 20
4
Startup Failure when using not!
I''m using Shorewall 2.4.0 under Fedora Core 4. I''m using ULOG to log my firewall''s dropped connections, but I want to drop a couple ports silently as they''re taking up too much log space. According to the rules file: "The ACTION may optionally be followed by ":" and a syslog log level (e.g, REJECT:info or DNAT:debug). This causes the packet to
2005 Jul 04
2
[OT] MyOSS Magazine - Edition 3 Available Now!
Hi All, Just wanted to announce that MyOSS Magazine - Edition 3 (We''re Edition 3!) is now officially hitting the street. This is a community driven project which aims to publish monthly. (Sorry if this is considered as spam). Securing your Network Connection using OpenSSL OpenSSL is a very important protocol in this day and age. The profilteration of the internet has made this
2005 May 27
10
Help wanted notices
...;'ve added a couple of ''help wanted'' ads to our SourceForge project. You can see them at http://sourceforge.net/people/?group_id=22587 I''ll add more as i have the opportunity. If you can think of other jobs we need to assign, please let me know. -- Paul <http://paulgear.webhop.net> -- Did you know? Using accepted quoting conventions makes your email easier to understand. Learn how at <http://www.netmeister.org/news/learn2quote.html>. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-s...
2012 Mar 18
4
fail2ban
Hi, I realise that one can simply start fail2ban and then it will insert its own ruleset before shorewall''s ruleset. Are there subscribers to this list having alternative (and probably better) ways to use both fail2ban and shorewall? Thanks, Mark ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90
2005 Jun 22
6
Port forwarding/DNAT of broadcast packets?
Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups
2005 Apr 16
6
wishlist: ''none'' as source address in rules
Hi, I plug my laptop in different networks and use the following hack to configure automatically shorewall for trusted/untrusted networks: In /etc/shorewall/params: # none is a dummy zone associated to the loopback interface NONE="none:0.0.0.0" # Network scheme, automatically detected by intuitively NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)" case
2005 May 27
3
Re: Shorewall development web site (Mike Noyes)
Hello, I leave for a couple days .. (Well months) and look at what has happened. :-) I would throw my support in behind Xoops .. to be honest .. If a portal is what we are trying to achieve here. I just happen to think that sometimes .. More work goes into web design etc than goes into actual Code. But thats because I am a lamer at web design :-) I am coming in here a bit late .. But tell
2005 Jun 30
10
Long Shorewall Startup Times Revisited
Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to
2005 May 26
11
Quick poll: CVS commits
...c.). A rule of thumb with this setup would be that people with write access to CVS would need to be on the coding list, whereas people on the devel list would not necessarily be. Votes, please, along with an indication of which lists you would subscribe to, if there were two. -- Paul <http://paulgear.webhop.net> -- Did you know? Most email-borne viruses use a false sender address, so you cannot track down the sender using that address. Instead, keep your virus scanning software up-to-date and just delete any suspicious emails you receive. -------------- next part -------------- A non-text...
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net
2004 Jan 09
32
Ideas for Shorewall 2.0
I''m beginning to think again about what will be different in 2.0. Here are some thoughts. a) User-defined actions will be emphasized. - A library of actions will be available with names such as: AcceptSSH AcceptDNS DropWindows (drops all SMB noise) DropBroadcasts (Silently drop all Broadcast traffic) ... The possibilities are nearly endless but should
2005 Jan 05
22
Shorewall and IPV6
As 2.2.0 is nearing release, I''ve begun to think about what I''ll do for 2.3 and I think that it is time for Shorewall to add support for IPV6. Because of parsing ambiguities, the need to maintain upward compatibility with both Shorewall and 6Wall, and different available functionality in IPV4 and IPV6 Netfilter, I believe that it is going to be necessary for some files to be
2005 Jun 01
5
use of shell code in shorewall/params
The params file appears to be simply "sourced" by the firewall script, which means one can put any Bourne shell code into it and it will execute it. This feature isn''t documented, so I''m wondering if it can be documented and thus guaranteed to always work. I''d like to dig out the IP parameters of my interface cards from the ifcfg-eth? files and set shorewall
2005 Jun 12
8
proxy_arp: Permission denied
Dear All, I have a problem to start Shorewall on a Debian 1.3 Linux box. Here is some info: Output of ''/sbin/shorewall trace start 2> /tmp/trace'' is in the attachment. Shorewall version: 2.2.3 Output of ''ip addr show'': 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: bond0: