search for: shorewall2

I''ve gotten the basic code working on my firewall. So that I can quickly get back online if I screw up, I''m currently calling it shorewall2. That way if it screws up I can just "shorewall restart". /sbin/shorewall2 -- command interpreter /etc/shorewall2/ -- configuration files /usr/share/shorewall2/ -- shared files Both Shorewall and Shorewall2 use the same state directory. /etc/shorewall/actions.std defines th...

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 186 bytes Desc: OpenPGP digital signature Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050604/bee263f3/signature.bin

Hello all, I tried to include a file from within the accounting config-file. The filename was specified using a parameter in params as: ACCFILE=/var/lib/shorewall/accounting.generated and then included in accounting as: INCLUDE $ACCFILE However when (re)starting shorewall, it gave some error about being unable to find ''/etc/shorewall/$ACCFILE'' (with the $ACCFILE parameter

Dear All, I have read all the documentation I can find but I still have not understood how, in what context and where to use the action commands enumerated in /usr/share/shorewall/actions.std. Illustrating with SMB traffic for instance, how can one use AllowSMB, DropSMB and RejectSMB to control SMB traffic instead of the classic ACCEPT z1 z2 udp 135,445 ACCEPT z1

Hi! how can I mark ack packets with shorewall 2.x? (In 1.x I have done it with own rule in common file) TiA CU

The current CVS Project Shorewall2/ contains my implementation of this feature. Thanks go to Xavier for ideas about the design. Xavier -- please give my code a try and see if it works ok for you. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ t...

>From a diff of my current shorewall firewall script with the new one from the CVS today : $ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall [...] 673c910 < for network in $networks; do --- > for networks in $networks; do I don''t think that "for networks in $networks" works well. -- -IAN! Ian! D. Allen Ottawa, Ontario,

Hi Folks, I''m a new user to Shorewall, it came installed on the redWall firewall that I am using and I''m really happy with both projects! Thanks for all your work on it! I have a question about tcrules and $FW. I''m doing source policy routing and need to be able to add an output rule to the mangle chain with a source that is specific network, not 0.0.0.0/0. It

Hello everybody, I want to solve the following problem with Shorewall: I have a computer with one NIC (eth0) with an internal IP address (10.1.x.x), which is supposed to accept connections from various clients (10.2.x.x) and redirect them to another IP address (10.3.x.x) with a different destination port. For example: The software on the client computer is told to connect to the Shorewall

Hi, I plug my laptop in different networks and use the following hack to configure automatically shorewall for trusted/untrusted networks: In /etc/shorewall/params: # none is a dummy zone associated to the loopback interface NONE="none:0.0.0.0" # Network scheme, automatically detected by intuitively NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)" case

I would like to add a rule allowing only the address 192.168.150.20 and the range of addresses from 192.169.150.100 to 192.168.150.150 in zone dmz0 to connect to two terminal servers in the local zone. Is there a syntax that can specify a range of addresses in the rules file? Do I have to enter each one separately? -- Stephen Carville Unix and Network Adminstrator DPSI 6033 W.Century Blvd.

Hello, I have the following situation : Server with 2 nics 1 nics connected to the internet, 1 connected to the LAN I have OpenVPN running on the system and the following setting in the tunnels file : =================================== openvpn:2000 net 62.58.0.226 openvpn:2001 net 62.58.0.226 openvpn:2002 net 62.58.0.226 =================================== All tunnels ran for weeks

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall

hi all iam newbee, i ve install shorewall 1.3.11 on mandrake 8.2 , i ve eth0 with local ip 192.168.40.40/21 and eth1 203.128.65.22/255.255.255.248 the problem is when my client try connect to internet the page cannot be displayed and while client try ping to internet address reply from 192.168.40.40 destination net unreachable why it can happend ? anyone can give me a hand

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m running systems with openswan and modified _updown script supporting shorewall dynamic hosts. Because on problems with cvs head version of openswan I found a error from shorewall dynamic hosts support. When host is already in zone shorewall aborts adding process with error. This is not good thing(tm). I found out that deleting host from

Hi! I''m wondering whether anyone has successfully set up a bandwidth control system using ipp2p and shorewall. I have been able to drop connecions altogether, but I don''t seem to be able to get CONNMARK working with ipp2p. Any pointers would be greatly appreciated :) ______________________________ Mario R. Pizzolanti

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19: