search for: rejec

This is a minor release of Shorewall. Problems Corrected: 1) TCP connection requests rejected out of the common chain are now properly rejected with TCP RST; previously, some of these requests were rejeced with an ICMP port-unreachable response. 2) ''traceroute -I'' from behind the firewall previously timed out on the first hop (e.g., to the firewall). This has...

...ory /etc/shorewall/lists b) In this directory, are files containing lists of IP addresses and/or=20 subnets c) a new JUMP rule: =09JUMP:list1=09loc=09net=09tcp=09http d) By default, matching in the list would be by destination address and i= f a=20 match was found, the connection request would be REJECTed e) The default behavior could be overridden through entries in a list: =09SOURCE:ACCEPT for example would match on the source address and would accept the connection request. f) Multiple match and disposition specifications could be in a file: =09SOURCE:ACCEPT =091.2.3.4 =094.5.6.0/24...

...m running Kernel 2.6.18, Shorewall 3.2.4, iptables 1.3.5, and iproute iproute2-ss060323. The problem is that I can''t get the GRE packets to make it through the firewall. Any time I try to pass traffic I get (on the righthand host in the diagram): Jan 4 10:53:47 slc-gw-01 Shorewall:INPUT:REJECT:IN=vlan4 OUT= MAC=00:15:c5:f5:99:be:00:b0:c2:89:af:68:08:00 SRC=67.42.31.242 DST=166.70.106.148 LEN=112 TOS=0x00 PREC=0x00 TTL=240 ID=0 DF PROTO=47 I even went as far as putting a rule (ACCEPT inet:67.42.31.242 $FW 47) instead of the entry in the tunnels file with the same result. Here are...