Displaying 10 results from an estimated 10 matches for "run_iptables2".
2002 Dec 19
0
Another Little Patch
...terface}_options=\"$options\"
- for option in `separate_list $options`; do
+ for option in $options; do
case $option in
dhcp|noping|filterping|routestopped|norfc1918|multi|tcpflags)
;;
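Review bot: on the `+ for option in $options; do` line, the loop now relies on `$options` already being a whitespace-separated list, since the `separate_list` call is dropped. The visible context does not show where that splitting happens, so a comma-separated value would reach the `case` as a single word and match none of the listed options. A short comment naming where the list is split, or keeping `separate_list` if it is not split earlier, would make this safe to rely on.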
@@ -2160,8 +2160,8 @@
if [ "$loglevel" = ULOG ]; then
run_iptables2 -A $chain $proto $multiport \
$state $cli $sports $serv $dports -j ULOG $LOGPARMS \
- --ulog-prefix "Shorewall:$chain:$logtarget:" \
- else
+ --ulog-prefix "Shorewall:$chain:$logtarget:"
+ else
run_iptables2 -A $chain $proto $multiport \
$state $cli $sports...
2004 Sep 25
0
Re: help with a W2K VPN client 619 error and PPTPserver
...off of the mailing list, feel free to put it back
on there if you want.
Hmmm -- the tunnels file has never accepted "!" in the GATEWAY column
regardless of the tunnel type :-(
Change the 'addrule()' function (line 293 in
/usr/share/shorewall/firewall) to use 'run_iptables2' rather than
'run_iptables'.
~ addrule() # $1 = chain name, remainder of arguments specify the rule
~ {
~ ensurechain $1
~ run_iptables2 -A $@
~ }
I've tested that change with this tunnels file entry:
pptpserver net !64.139.97.4...
2004 Sep 02
3
Traffic shapping Bug ?
...as simple as :
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
2 eth1 0.0.0.0/0 tcp 80
As a result, I tried to get more information using the shorewall start debug 2 >
file command.
Here's what I got:
+ run_iptables2 -t mangle -A tcfor -p -j MARK --set-mark 'PORT(S)'
+ '[' 'x-t mangle -A tcfor -p -j MARK --set-mark PORT(S)' = 'x-t mangle -A tcfor -p -j MARK --set-mark PORT(S)' ']'
+ run_iptables -t mangle -A tcfor -p -j MA...
2005 Mar 27
2
Can't get shorewall to start...
...ROR: Command "/sbin/iptables -A' OUTPUT -o eth0 -d
'!192.168.0.0/24' -j 'fw2net" Failed'
ERROR: Command "/sbin/iptables -A OUTPUT -o eth0 -d !192.168.0.0/24
-j fw2net" Failed
It looks like there are places that should be calling run_iptables2, not
run_iptables.
Shorewall version is 2.2.2
I don't think you need the rest of the stuff since this isn't a problem
with the iptables running, but with getting the iptables generated in
the first place.
Dick Munroe
2005 Feb 23
9
shorewall friendly way of limiting ssh brute force attacks?
I was wondering if anyone had implemented rules like this in shorewall:
http://blog.andrew.net.au/tech
I see tons of brute force attempts on the machines I administer, and I like
the idea of limiting them without the need for extra daemons scanning for
attacks.
Thanks,
Dale
--
Dale E. Martin - dale@the-martins.org
http://the-martins.org/~dmartin
2003 Aug 25
2
Mandrake Connection Sharing facility problem.
...in eth0_masq
+ havenatchain eth0_masq
+ eval test '"$eth0_masq_nat_exists"' = Yes
++ test '' = Yes
+ createnatchain eth0_masq
+ run_iptables -t nat -N eth0_masq
+ iptables -t nat -N eth0_masq
+ eval eth0_masq_nat_exists=Yes
++ eth0_masq_nat_exists=Yes
+ run_iptables2 -t nat -A eth0_masq -s 192.168.200.0/255.255.255.0 -d
0.0.0.0/0 -j MASQUERADE
+ '[' 'x-t nat -A eth0_masq -s 192.168.200.0/255.255.255.0 -d 0.0.0.0/0 -j
MASQUERADE' = 'x-t nat -A eth0_masq -s 192.168.200.0/255.255.255.0 -d
0.0.0.0/0 -j MASQUERADE'...
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
...0/0268.html
http://lists.netfilter.org/pipermail/netfilter/2003-September/046962.html
Here is the tail of the debug message. How can I force shorewall to use the
POSTROUTING chain for masq and DNAT instead of user-defined chains?
# tail /tmp/trace
+ eval exists_nat_net_dnat=Yes
+ exists_nat_net_dnat=Yes
+ run_iptables2 -t nat -A net_dnat -p tcp -d 212.24.147.254 --dport http -j
DNAT
--to-destination 192.168.140.2
+ [ x-t nat -A net_dnat -p tcp -d 212.24.147.254 --dport http -j
DNAT --to-desti
nation 192.168.140.2 = x-t nat -A net_dnat -p tcp -d 212.24.147.254 --dport
http
-j DNAT --to-destination 192.168.140.2...
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops. Can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2004 Aug 19
4
MASQUERADE problem again...
...sts_nat_eth0_masq"' = Yes
++ test '' = Yes
+ createnatchain eth0_masq
+ run_iptables -t nat -N eth0_masq
+ '[' -n '' ']'
+ iptables -t nat -N eth0_masq
+ eval exists_nat_eth0_masq=Yes
++ exists_nat_eth0_masq=Yes
+ run_iptables2 -t nat -A eth0_masq -s 192.168.4.0/24 -d 0.0.0.0/0 -j
MASQUERADE
+ '[' 'x-t nat -A eth0_masq -s 192.168.4.0/24 -d 0.0.0.0/0 -j
MASQUERADE' = 'x-t nat -A eth0_masq -s 192.168.4.0/24 -d 0.0.0.0/0 -j
MASQUERADE' ']'
+ run_iptab...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer