search for: rpaiz

Displaying 7 results from an estimated 7 matches for "rpaiz".

Did you mean: raiz
2003 Jul 16
6
HOWTO: Temporary dynamic blocking with Shorewall and Portsentry
..._TRIGGER="0" 4. Set up portsentry to run in "standard mode" for both TCP and UDP. Do NOT use the advanced or stealth modes. 5. My shell script to drop and then later allow the attacking IP address: #!/bin/bash # portsentry.temp.block # Rodolfo J. Paiz <rpaiz@simpaticus.com> # version 2003.07.01 # Usage: portsentry.temp.block <bad_ip> <bad_port> # portsentry.temp.block is a small script intended to be run by portsentry # when its sensors are triggered. It uses iptables (more specifically, it # uses the dynamic blacklisting capabilities...
2004 Jul 02
7
Shorewall Release Model
The current Shorewall release model has the following characteristics: a) The last two major releases are supported. b) Only the latest major release is actively developed. c) Bug fixes are available for the prior major release but only against the last minor release. d) The last major release is advertised as the "Current Release". I''m thinking of switching to a model that
2003 Aug 23
2
Warning of upcoming removal of ''logunclean'' and ''dropunclean'' interface options.
Harald Welte just announced that the 2.6 Kernels will not support the ''unclean'' match extension except via Patch-O-Matic. Since I have a polciy of not supporting Netfilter features that are only available in P-O-M, I will be removing the ''logunclean'' and ''dropunclean'' interface options from Shorewall. In 1.4.7, a warning will be issued if
2003 Nov 02
6
Shorewall CA Certificate
If any of you have been so bold as to install the Shorewall CA Certificate in your browser(s), the current certificate will expire on 11/13. There is a new 10-year certificate available for installation at: http://lists.shorewall.net/Shorewall_CA_html.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \
2004 Jun 28
6
URGENT: Shorewall Security Vulnerability
Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0
2003 Aug 19
7
[Fwd: Re: Shorewall 1.4.6: common chain rules are applied before policyrules?]
Thank you for your support. The next question: Is there a kind of common chain applied before ACCEPT policy? I want to DROP or REJECT Netbios traffic on most interfaces but do not want to repeat those rules in the rules file. Thanks, Boi -----Th?ng ?i?p chuy?n ti?p----- > From: Tom Eastep <tmeastep@hotmail.com> > To: Le.Hong.Boi@sg.netnam.vn > Subject: Re: Shorewall 1.4.6: common
2003 Oct 21
14
Prioritizing traffic
...have no knowledge yet. Is this possible (I assume it is)? Is what I want traffic shaping, or quality of service, or TCP flags... what is it? And, of course, is this something I can configure with Shorewall or should I go read up on something else? Thanks for any pointers, -- Rodolfo J. Paiz rpaiz@simpaticus.com