search for: routestopped

I get this enabling the option "routestopped" in my interface (eth0, net, one interface): Failed to apply configuration : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... ERROR: Invalid Interface option (routestopped) : /etc/shorewall/interfaces (line 11) Means that routestopped don''tt...

Hello, I use some define in classes like class foo { define bar() {} } before in .22.4 i had require => Bar[''mybar''] on object and it worked. Now i have : err: Could not apply complete configuration: Could not retrieve dependency ''Shorewall-realize[shorewall.conf]'' at /etc/puppet/manifests/classes/shorewall.pp: for exemple. Do anyone knwo why it

...n of routefilter ? The sample file in two-interface.tgz uses them both, but they seem to at least overlap. Since my internal network will be 192.168.1.0/24, will routefilter add anything that norfc1918 doesn''t provide? 2) Given the two interface I''net/LAN firewall/gateway, will routestopped do anything for me? If the firewall is stopped, the local machines should still be able to talk even without the routestopped in the /etc/shorewall/interfaces file, no? I just subscribed to this list a few minutes ago, but as yet have neither received a request to confirm the subscription reque...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello I try to setup a bridge firewall base on http://shorewall.net/bridge.html I''m using shorewall-1.4.10g-1. I doublecheck on /etc/shorewall/routestopped file on my firewall, and there is no "OPTIONS" options. Should I use different shorewall version ? Thanks -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBSAnprxwpwopYHJsRAviOAKCBFasjrMhVpLumPMuoJPXnq...

Lars Jensen wrote: > Hi paul, > > The documentation for the routestopped configuration file at > http://shorewall.sourceforge.net/Documentation.htm#Routestopped says > that the host must be listed separated by commas. If this is done, an > error occurs upon reboot, and shorewall doesn''t load at all (debian). It > is necessary to include double quote...

..., Tom Eastep a écrit : > -------- Forwarded Message -------- > From: Tom Eastep <teastep@shorewall.net> > Reply-to: Shorewall Users <shorewall-users@lists.sourceforge.net> > To: Shorewall Users <shorewall-users@lists.sourceforge.net> > Subject: Re: [Shorewall-users] routestopped 4.2 to 4.4 > Date: Mon, 20 Jun 2011 13:37:02 -0700 > > On Mon, 2011-06-20 at 21:32 +0200, ml@smtp.fakessh.eu wrote: > > hi folks > > > > i describe my problem > > use centos 5.6 > > in the directory /etc/sysconfig/network-scripts/ > > there is no file c...

...s in the foot when doing remote system administration. I''ve been thinking about this problem and wonder if a change to the way that "shorewall stop" behaves might help. Today, "shorewall stop" stops all traffic except to/from those destinations listed in /etc/shorewall/routestopped. An alternative behavior would be: a) Established connections and their related traffic would still be enabled. This means that "shorewall stop" wouldn''t kill the ssh session from which you inadvertently issued the command.On the other hand, all other established connections wou...

...een removed from Shorewall-perl : /etc/shorewall/interfaces (line 11) Determining Hosts in Zones... Preprocessing Action Files... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Compiling /etc/shorewall/policy... Compiling /etc/shorewall/routestopped for critical hosts... Compiling /etc/shorewall/routestopped... Adding Anti-smurf Rules Adding rules for DHCP WARNING: The ''norfc1918'' option is deprecated Compiling /usr/share/shorewall/rfc1918... Compiling TCP Flags filtering... Compiling ARP Filtering... Compiling Kernel Rout...

...een removed from Shorewall-perl : /etc/shorewall/interfaces (line 11) Determining Hosts in Zones... Preprocessing Action Files... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Compiling /etc/shorewall/policy... Compiling /etc/shorewall/routestopped for critical hosts... Compiling /etc/shorewall/routestopped... Adding Anti-smurf Rules Adding rules for DHCP WARNING: The ''norfc1918'' option is deprecated Compiling /usr/share/shorewall/rfc1918... Compiling TCP Flags filtering... Compiling ARP Filtering... Compiling Kernel Rout...

...have a question about how shorewall handles traffic during a ''shorewall restart'': i''ve found that whenever i do this on one of my clustered firewalls, i get a huge number of errors in syslog relating to heartbeat timeouts. I''ve got the other cluster node in the routestopped file on both nodes, and ADMINISABSENTMINDED=Yes in shorewall.conf, but it still gives me errors like these: Jan 7 10:10:13 fwA heartbeat[13997]: ERROR: Error sending packet: Operation not permitted Jan 7 10:10:13 fwA heartbeat[13997]: ERROR: write failure on ping 192.168.0.43.: Operation not per...

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall stop'' followed by ''shorewall start'' then they erroneously c...

Hi! I am looking for suggestions how I can add rules (or change the configuration otherwise) without interrupting of services. Right now, when I need to do a ''shorewall restart'' all services are not available during this time. I tried playing with the ''routestopped'' parameter but without success. How do you get around this? Thanks in advance, Christian P.S. We are using 1.4.8 My routestopped looks like this: eth3 - and the ''interfaces'' - eth3 192.168.10.31,192.168.10.127,192.168.10.159.192.168.10.223

Hi all, I''m working on a patch for shorewall to make it run with a Crossbeam X40 machine (www.crossbeamsystems.com) and I would like to know where to send it, is this list the correct location?. The patch is necesary because of Crossbeam X series running mode: when you make a shorewall start, restart or clear, there are a packet dropping until shorewall is Started or cleaned. At

I believe that 2.4.0 is about ready to be sent out the door. I''ve made a couple of small changes since RC2 but I don''t believe that they warrant another RC. There remains the issue of what to do about support for Shorewall 2.0 given that 2.2 has only been available since March. It would be my recommendation to make 2.4 the new "stable" release but continue to

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2....

...s, running or stopped? What I mean is, some firewalls start-up and run, and they do their thing, then they stop. But the firewall is still really "working" even if its not seen as a "running" service. I use Mdk 9.0. Shorewall, is always running by default.I have read about the routestopped file and changed it accordingly. So I should be able to see out if shorewall is stopped, right? Or, is shorewall supposed to be running constantly and the routestopped is there as a contingency just in case a problem happens? Mdk 8.x''s used tiny firewall and bastille which ran once then s...

...low existing connections and internal traffic to/from loopback, effectively killing all new traffic at that point. I''m not sure if this is the intention, but certainly having a network that is briefly open is not ideal either. However I would of thought that at least traffic to/from the routestopped interfaces should be allowed at this point, but it doesn''t appear to be... Dave Hawkes ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Prac...

...9;'ve been using Shorewall for years without problems. My previous version of shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using rpm to 2.0.8-1. After update no one can connect to any interface from net. Server can connect to outside world fine and those described in routestopped have no problem connecting. Any help correcting this problem would be appreciated. Redhat Linux kernel 2.4.20-20.7smp /sbin/shorewall version 2.0.8 /sbin/ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1...

...500 501 208 Mar 28 2004 . drwxr-xr-x 10 jbanks users 664 Feb 28 21:56 .. -rwxrwxr-x 1 500 501 5882 Mar 28 2004 interfaces -rwxrwxr-x 1 500 501 3328 Mar 14 2004 masq -rw-rw-r-- 1 500 501 3399 Mar 14 2004 policy -rw-rw-r-- 1 500 501 804 Mar 14 2004 routestopped -rwxrwxr-x 1 500 501 11312 Mar 14 2004 rules -rw-rw-r-- 1 500 501 606 Mar 14 2004 zones >>>>>snip I recently upgraded another Shorewall setup to 2.0.7 on a differnet Gentoo pc and all files are owned by root in the /etc/shorewall directory and the file owner.g...

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other