search for: shorewall_shell

...#39;'iptables-restore --help'' for more information. ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input Processing /etc/shorewall/stop ... IPv4 Forwarding Enabled Processing /etc/shorewall/stopped ... /sbin/shorewall: line 742: 32734 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart -- removing routeback,blacklist,tcpflags works fine. Thanks! Happy new year to all ------------------------------------------------------------------------------

.../ http://www.datux.nl -------------- next part -------------- 578c578 < SHOREWALL_DIR= --- > SHOREWALL_DIR=/etc/shorewall 679c679 < start|stop|restart|reset|clear|refresh|check) --- > start|restart) 680a681 > #first try it the "normal" way: 682c683,709 < exec $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 --- > $SHOREWALL_SHELL $FIREWALL $debugging $nolock $1 > RESULT=$? > #exitcode 1 means something lame happend. > [ $RESULT == 1 ] && exit 1; > if [ $RESULT == 0 ] ; then > #it worked, create a backup > echo -n "* Co...

Shorewall 3.4.6 running on SuSE Linux 10.2 Compiling Rule Activation... Shorewall configuration compiled to /var/lib/shorewall/.restart Processing /etc/shorewall/params ... Restarting Shorewall.... /sbin/shorewall: line 665: 6782 Segmentation fault $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help. Does anybody have any hint for me ? I am travelling onsite now to further debug the problem. Regards from Germany. -- Mit freundlichen Grüßen, Philipp Rusch ----------...

...help'' for more information. ERROR: Command "/usr/sbin/iptables -A eth2_fwd -p tcp -s 169.254.0.0/16!169.254.1.0/24 -j tcpflags" Failed Processing /etc/shorewall/stop ... IP Forwarding Enabled Processing /etc/shorewall/stopped ... /sbin/shorewall: line 742: 9333 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart -------------------------------------------------------- This is the corresponding entry in my hosts file: INT eth2:1.1.1.100/32 routeback,blacklist,tcpflags INT eth2:169.254.0.0/16!169.254.1.0/24 routeback,blacklist,tcpflags INT eth2:...

...t no problems, but when I try to start shorewall I get this error a lot of time: iptables: Invalid argument ip6tables v1.3.6: can''t initialize ip6tables table `filter'': Bad file descriptor and the Shorewall starting process ends with /sbin/shorewall: line 656: 25228 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart What''s the problem? I googled for this problem and it seems to be a kernel bug, but I am in a domU... Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft De...

...amp;& STATEDIR=/var/state/shorewall @@ -4728,10 +4732,6 @@ strip_file interfaces strip_file hosts # - # Determine the capabilities of the installed iptables/netfilter - # - determine_capabilities - # # Check out the user''s shell # [ -n "$SHOREWALL_SHELL" ] || SHOREWALL_SHELL=/bin/sh

...1.3.6.0debian1-5 on a debian sarge machine. >From yesterday shorewall can''t start anymore and in the shorewall-init.log I''ve this: ERROR: Rule "REDIRECT lan 8081 tcp 80 " requires NAT which is disabled /sbin/shorewall: line 527: 17071 Terminated $SHOREWALL_SHELL ${SHAREDIR}/compiler $debugging $nolock compile ${VARDIR}/.start The rule REDIRECT is for dansguardian. I''ve tried to comment that line and the new error occours: iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -A FORWARD -m state --state ESTABLISHED...

...on is available, the rule in the filter table is extended to check that the original destination address was the same as specified (or defaulted to) in the DNAT rule. 7) The shell used to interpret the firewall script (/usr/share/shorewall/firewall) may now be specified using the SHOREWALL_SHELL parameter in shorewall.conf. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

Shorewall 4.5.1.1 is now available for download. Problems Corrected: 1) When checking or compiling for export (-e option), /sbin/shorewall would previously issue a warning message if the SHOREWALL_SHELL specified in the remote firewall''s shorewall.conf did not exist. 2) The changes to TOS handling in 4.5.1 are incompatible with older releases such as RHEL5 and derivatives. That has been corrected. 3) The rules compiler now verifies that the protocol is TCP, UDP, SCTP or DC...

...- - 10/sec:20 shorewall starts fine on 2 of the systems but on the 3rd it fails to start with the following error: iptables-restore: line 119 failed ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input /usr/share/shorewall/lib.common: line 113: 5485 Terminated $SHOREWALL_SHELL $script $options $@ shorewall starts fine if I remove the rate limit. Can anyone tell me what is wrong? I''ve tried 4.5.19 as well. - Grant ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, mo...

..."tc qdisc add dev eth0 root handle 1: htb default 13" Failed May ?4 22:30:14 gateway shorewall: ? ?WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables May ?4 22:30:14 gateway shorewall: /sbin/shorewall: line 484: 11922 Terminated ? ? ? ? ? ? ? $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart May ?4 22:30:15 gateway shorewall: Processing /etc/shorewall/stop ... May ?4 22:30:15 gateway shorewall: IP Forwarding Enabled May ?4 22:30:15 gateway shorewall: Processing /etc/shorewall/stopped ... May ?4 22:30:15 gateway shorewall: shorewall startup failed...

Greetings, What programming languages besides shell scripting are used in shorewall? What knowledge is needed to help in shorewall development? I figure iptables is a goood bet but is there anything else as well? Thank you for your time. Regards, Jason

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

...on is available, the rule in the filter table is extended to check that the original destination address was the same as specified (or defaulted to) in the DNAT rule. 7) The shell used to interpret the firewall script (/usr/share/shorewall/firewall) may now be specified using the SHOREWALL_SHELL parameter in shorewall.conf. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

...OGFILE=/var/log/messages LOGFORMAT="Shorewall:%s:%s:" LOGRATE= LOGBURST= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall/action:/etc/shorewall/custom:/etc/shorewall:/usr/share/shorewall FW=fw IP_FORWARDING=Off ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMP...

The 1.4.6 version of Shorewall makes additional demands on the shell. I have found that both the RH9.0 version of ash and the version of ash that has long been available from the Shorewall download sites are *not* suitable for use with Shorewall 1.4.6. The LEAF Bering version of ash on the other hand works fine. Attached is a small shell program that will allow you to test your shell for

...on is available, the rule in the filter table is extended to check that the original destination address was the same as specified (or defaulted to) in the DNAT rule. 7) The shell used to interpret the firewall script (/usr/share/shorewall/firewall) may now be specified using the SHOREWALL_SHELL parameter in shorewall.conf. 8) An ''ipcalc'' command has been added to /sbin/shorewall. ipcalc [ <address> <netmask> | <address>/<vlsm> ] Examples: [root@wookie root]# shorewall ipcalc 192.168.1.0/24 CIDR=192.168.1.0/24 N...

I''m happily running two four zone/four nic shorewall firewall configuratoins. Great software, works as expected everytime! We are conteplating a larger and more complex firewall configuration that may include as many as twelve zones with trying to cram as many as 8+ interfaces into a single machine. Are there any draw backs to this amount of zones and interfaces into a single

...log/messages LOGFORMAT="Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= IPSECFILE=zones FW= IP_FORWARDING=Keep ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=Internal CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT...

...%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETEC...