search for: shorewall6

Hello, shorewall6 seem to have problems duplicating the main routing table. shorewall6 tries to add the fe80::/64 route of every ipv6 configured interface to routing table 1. The first route applies but the other ones not. If i try to add the routes manually to routing table 1 i have to add the first fe80::/64 rout...

I''m attaching a few changes that are specific to Arch Linux and are motivated by our recent switch to systemd. System V init scripts are no longer used/supported on Arch Linux and, therefore, the Arch Linux init scripts can be removed from Shorewall. The two patches that follow are based against master; if it''s possible to apply them to the upcoming Shorewall 4.5.13 as well,

I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ----------------------...

Hey all, Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently? In fact shouldn''t there be a general s/shorewall-lite/shorewall6-lite/ in shorecap in shorewall6-lite? Maybe there is more of that lurking about as well. Also, the...

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall to...

Hi, I have servers where shorewall6 won''t reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NE...

I looked online for documentation about this, but couldn''t find it. Is anybody else running a Teredo relay, on a firewall that has both Shorewall and Shorewall6 installed? I''m running IPv6 at home (thanks to a Hurricane Electric tunnel). I''m having trouble with external Teredo clients being able to ping my home IPv6 addresses. All of these clients can reliably ping "ipv6.google.com" 100% of the time, so I know it''s n...

I''d like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed ''install.sh -s'' in each directory. Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be installed prior to shorewall-4.5.x.y and shorewall6-4.5.x.y. I find that...

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new par...

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new par...

...s). I have kept the same package structure for now, but I have begun work on Shorewall 4.5 where I will change the structure to eliminate more duplication on systems where the products are installed. Beginning with this release, the following files are identical. - /sbin/shorewall and /sbin/shorewall6 - /sbin/shorewall-lite and /sbin/shorewall6/lite Since Shorewall6 requires Shorewall, /sbin/shorewall6 is now a symbolic link to /sbin/shorewall. /sbin/shorewall-lite and /sbin/shorewall6-lite are both installed so that Shorewall6 Lite is not dependent on Shorewall Lite. Shorewall and Shorew...

...s). I have kept the same package structure for now, but I have begun work on Shorewall 4.5 where I will change the structure to eliminate more duplication on systems where the products are installed. Beginning with this release, the following files are identical. - /sbin/shorewall and /sbin/shorewall6 - /sbin/shorewall-lite and /sbin/shorewall6/lite Since Shorewall6 requires Shorewall, /sbin/shorewall6 is now a symbolic link to /sbin/shorewall. /sbin/shorewall-lite and /sbin/shorewall6-lite are both installed so that Shorewall6 Lite is not dependent on Shorewall Lite. Shorewall and Shorew...

Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the lin...

...ation issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) The start and restart commands in Shorewall Lite and Shorewall6 Lite now correctly handle the ''trace'' and ''debug'' keywords. Previously, those keywords were ignored. ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G -----------...

...ation issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) The start and restart commands in Shorewall Lite and Shorewall6 Lite now correctly handle the ''trace'' and ''debug'' keywords. Previously, those keywords were ignored. ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G -----------...

I wonder if anyone is running IPv6 under Centos-5.2? Particularly with shorewall? I see that shorewall6 is specifically designed for updating shorewall to IPv6, as described in <http://www.shorewall.net/IPv6Support.html>. Unfortunately, this explicity requires kernel 2.6.25 or later, and iptables 1.4.0 or later, both of which are later than any versions I've seen on a Centos repository. I...

Hey, I have a setup that has one machine communicating to a server using UDP over IPv6. For specifics, it is using collectd with a boosted MaxPacketSize in the network config. What this means is there is some IP fragmentation happening, and that is getting REJECTed. My policy is to REJECT, and I have an ALLOW for the particular communication I want. What I''m getting in my logs is

Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info. Shorewall executes some bash code like the following: while read address interface external haveroute; do qt $IP -4 neigh del proxy $address dev $external [ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address/32 dev $interface

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in