search for: route_filt

Displaying 20 results from an estimated 25 matches for "route_filt".

Did you mean: route_file
2003 Oct 30
0
Shorewall 1.4.8 RC1
...ule generated by the entry. It is now applied to all entries. 7. An incorrect comment concerning Debian''s use of the SYBSYSLOCK option has been removed from shorewall.conf. 8. Previously, neither the ''routefilter'' interface option nor the ROUTE_FILTER parameter were working properly. This has been corrected (thanks to Eric Bowles for his analysis and patch). The definition of the ROUTE_FILTER option has changed however. Previously, ROUTE_FILTER=Yes was documented as enabling route filtering on all interfaces (wh...
2003 Nov 07
0
Shorewall 1.4.8
...lt;zone>_frwd" chain to have too few rules. That has been corrected (twice). 8) An incorrect comment concerning Debian''s use of the SYBSYSLOCK option has been removed from shorewall.conf. 9) Previously, neither the ''routefilter'' interface option nor the ROUTE_FILTER parameter were working properly. This has been corrected (thanks to Eric Bowles for his patch). The definition of the ROUTE_FILTER option has changed however. Previously, ROUTE_FILTER=Yes was documented as enabling route filtering on all interfaces (which didn''t work). Beginn...
2002 Apr 13
2
Shorewall 1.2.11 Available
...be restarted after the new configuration has been running for that length of time. This prevents a remote admin from being locked out of the firewall in the case where the new configuration starts but prevents access. 2. Kernel route filtering may now be enabled globally using the new ROUTE_FILTER parameter in /etc/shorewall/shorewall.conf. 3. Individual IP source addresses and/or subnets may now be excluded from masquerading/SNAT. 4. Simple "Yes/No" and "On/Off" values are now case-insensitive in /etc/shorewall/shorewall.conf. -Tom -- Tom Eastep \ Shorewall...
2012 Jan 19
3
Problema link balance and internet bank
...ntw 2 - main eth4 189.36.0.2 track,balance=10 #tcrules 2:T 172.16.11.33 0.0.0.0/0 tcp 80,443 2:P 172.16.11.33 0.0.0.0/0 tcp 80,443 2 $FW 0.0.0.0/0 tcp 80,443 #shorewall.conf RESTORE_DEFAULT_ROUTE=No ROUTE_FILTER=No SAVE_IPSETS=No TC_ENABLED=Internal TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=Yes USE_DEFAULT_RT=No WIDE_TC_MARKS=Yes Thanks in advance -- *Fabiano Stocco** **Sysadmin* Agro Industrial Parati Ltda - Averama 44-3672-8000 44-8444-6635** ---------...
2005 Jan 04
5
Shorewall and ChilliSpot
Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
...usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + terminator=startup_error + version= + FW= + SUBSYSLOCK= + STATEDIR= + ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + LOGUNCLEAN= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + NAT_BEFORE_RULES= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= + FORWARDPING= + MACLIST_DISPOSITION= + MACLIST_LOG_LEVEL= + TCP_FLAGS_DISPOSITION= + TCP_FLAGS_LOG_LEVEL= + RFC1918_LOG_LEVEL= + MARK_IN_FORWARD_CHAIN= + SHARED_DIR=/usr/share/shorewall + FUNCTIONS= + VERSI...
2004 Aug 12
1
SMTP, IP, WHM news problems....
...d not complete or connection refused... yes, I set 25 port for smtp in shorewall! Also, now WHM can`t get news from cPanel server! Also, now I can`t resolve IP addresses with PHP scripts, I can`t get who is host, only numbers.... POP3 work fine.... In shorewall.conf I have: IP_FORWARDING=Off ROUTE_FILTER=Yes In "/etc/shorewall/interfaces": net eth0 detect norfc1918,nobogons,blacklist,nosmurfs In "/etc/shorewall/rules": ACCEPT net fw icmp 8 ACCEPT net fw tcp 20 ACCEPT net fw tcp 21 ACCEPT net fw tcp 22 ACCEPT net fw tcp 25 ACCEPT net fw tcp 53 ACCEPT net fw udp 53 ACCEPT net...
2013 Mar 16
23
Shorewall 4.5.15 Beta 1
Beta 1 is now availablew for testing. Problems Corrected: 1) Previously, the Shorewall and Shorewall6 install.sh scripts did two things wrong with respect to the /etc/shorewall[6]/routes file: - The existing file was unconditionally removed. - A skeleton file was not installed when SPARSE was not set in the shorewallrc file. Additionally, the installer would remove
2013 Mar 16
23
Shorewall 4.5.15 Beta 1
Beta 1 is now availablew for testing. Problems Corrected: 1) Previously, the Shorewall and Shorewall6 install.sh scripts did two things wrong with respect to the /etc/shorewall[6]/routes file: - The existing file was unconditionally removed. - A skeleton file was not installed when SPARSE was not set in the shorewallrc file. Additionally, the installer would remove
2002 May 14
4
Redirect loc::80 to fw::3128 not work
...UNCLEAN=info LOGFILE="/var/log/messages" NAT_ENABLED="Yes" MANGLE_ENABLED="Yes" IP_FORWARDING="On" ADD_IP_ALIASES="Yes" ADD_SNAT_ALIASES="No" TC_ENABLED="No" BLACKLIST_DISPOSITION=DROP BLACKLIST_LOGLEVEL= CLAMPMSS="Yes" ROUTE_FILTER="Yes" NAT_BEFORE_RULES="Yes" #[/etc/shorewall/start]----------------------------------------------- run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP #[/etc/shorewall/zones]----------------------------------------------- net Net Internet Blixe...
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
...h SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall/action:/etc/shorewall/custom:/etc/shorewall:/usr/share/shorewall FW=fw IP_FORWARDING=Off ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=No BLACKLISTNEWONLY=No MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP [root@hn00dmz01 root]# ip addr show 1: lo: <LOOPBAC...
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
...UNCLEAN=info LOGFILE="/var/log/messages" NAT_ENABLED="Yes" MANGLE_ENABLED="Yes" IP_FORWARDING="On" ADD_IP_ALIASES="Yes" ADD_SNAT_ALIASES="No" TC_ENABLED="No" BLACKLIST_DISPOSITION=DROP BLACKLIST_LOGLEVEL= CLAMPMSS="Yes" ROUTE_FILTER="Yes" NAT_BEFORE_RULES="Yes" #[/etc/shorewall/start]----------------------------------------------- run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP #[/etc/shorewall/zones]----------------------------------------------- net Net Internet Blixe...
2006 Aug 29
3
masq problem
...r/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= IPSECFILE=zones FW= IP_FORWARDING=Keep ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=Internal CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=Yes BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes RFC1918_STRICT=No MACLIST_TABLE=filter MACLIST_TTL= SAVE_IPSETS=No MAPOLDACTIONS=No FASTACCEPT=No BLACKLIST_DISPO...
2007 Nov 10
2
Access Point with Ethernet.
...l/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes DROPINVALID=Yes RFC1918_STRICT=No MACLIST_TTL= BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT...
2005 Apr 19
14
allow ssh access from net to fw?
...ocal/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=yes ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=Yes ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP #LAST LINE -- DO NOT REMOVE START: ----...
2009 Jun 27
1
Transparent Proxy Problem with Squid3 and Shorewall
...RSH_COMMAND=''ssh ${root}@${system} ${command}'' RCP_COMMAND=''scp ${files} ${root}@${system}:${destination}'' IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=Internal TC_EXPERT=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes DELAYBLACKLISTLOAD=No MODULE_SUFFIX= DISABLE_IPV6=Yes BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes RFC1918_STRICT=No MACLIST_TABLE=filter MACLIST_TTL= SAVE_IPSETS=No MAPOLDACTIONS=No FASTACCEPT=No IMPLICIT_CONTIN...
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918
2009 Dec 16
3
Dual-homing BGP gate problem
Hi Tom, After two weeks of nightmares I decided ask You (and anyone reading this mail). Context is as follows: I try to update system on my central router from kernel 2.6.29.6 and Shorewall 4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new). This is LiveCD image boot (Devil-Linux distribution compiled by me), so config is this same. I have established ten OpenVPN tunnels and two
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...al/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=Keep ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60 NEWNOTSYN=No ADMINISABSENTMINDED=Yes BLACKLISTNEWONLY=Yes MODULE_SUFFIX= DISABLE_IPV6=No BRIDGING=No DYNAMIC_ZONES=No PKTTYPE=Yes BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT TCP_FLAGS_DISPOSITION=DROP As you can see I have "info" se...
2013 Sep 10
6
lsm configuration issues...
...Y_FASTSTART=Yes LOAD_HELPERS_ONLY=No MACLIST_TABLE=filter MACLIST_TTL= MANGLE_ENABLED=Yes MAPOLDACTIONS=No MARK_IN_FORWARD_CHAIN=No MODULE_SUFFIX=ko MULTICAST=No MUTEX_TIMEOUT=60 NULL_ROUTE_RFC1918=No OPTIMIZE=0 OPTIMIZE_ACCOUNTING=No REQUIRE_INTERFACE=No RESTORE_DEFAULT_ROUTE=Yes RETAIN_ALIASES=No ROUTE_FILTER=No SAVE_IPSETS=No TC_ENABLED=No TC_EXPERT=No TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" TRACK_PROVIDERS=No USE_DEFAULT_RT=No USE_PHYSICAL_NAMES=No ZONE2ZONE=2 BLACKLIST_DISPOSITION=DROP MACLIST_DISPOSITION=REJECT RELATED_DISPOSITION=ACCEPT SMURF_DISPOSITION=DROP SFILTER_DISPOSITION=DR...