search for: shorwalls

This fixes the problem in 1.4.7a where <zone>_frwd chains are missing required rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

http://shorweall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 ftp://shorweall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 Problems corrected: 1. A typo in shorewall.conf (NETNOTSYN) has been corrected. New Features: 1. For consistency, the CLIENT PORT(S) column in the tcrules file has been renamed SOURCE PORT(S). 2. The contents of

The 2.0.2 .lrp released yesterday contained the wrong version of /usr/share/shorewall/functions. I have updated the .lrp with the correct version of the functions file. [root@lists shorewall-2.0.2]# ls -l shorwall-2.0.2.lrp -rw-r--r-- 1 root ftp 78325 May 14 06:28 shorwall-2.0.2.lrp [root@lists shorewall-2.0.2]# grep shorwall 2.0.2.md5sums 3ae771fcbfe217006e88e69a597c6455

After gaining some experience with the new release model, it has become apparent to me that a small adjustment is warrented. I previously announced that updates to the stable release would only contain bug fixes. I''m modifying that slightly to allow for small low-risk enhancements; large and/or risky enhancements will still be restricted to the development release. We have seen this

Hi!, I have Fedora 2 installed (Kernel 2.6), 3 interfaces (eth0,eth1,eth2), in the eth1 i have my local network and eth0 the Internet conection, when i do masquerading (eth1 out by eth0) only works for a few minutes. I dont know what i?m doing wrong, or only is an incompability or error between the OS Fedora 2 and the shorewall 2.0.7...i restart the shorewall service ones works anothers doesnt.

I have just uploaded a new version of the 2.0.2b .lrp: http://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp ftp://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp This version already includes the normal LEAF changes that are present in the shorewall.lrp distributed with Bering and Bering-uClibc. Thanks to K.-P. Kirchdörfer, future versions of the .lrp will

Attached please find updated build and publish scripts. They set the ''ulink.target'' parameter appropriately when converting docbook->HTML. I have always hacked my xhtml/params.xsl file to set this parameter; these updated scripts make that abomination unnecessary. Paul/Mike: It might be a good idea to add a CVS project for these scripts. -Tom -- Tom Eastep \ Nothing is

Whilst configuring another shorewall firewall router for another site, I must have made some totally newbie error.... While directly on the cable modem, it works great. But when placed on the LAN side of my existing Shorewall box, the NEW shorwall box could not ping, or look up dns or anything else. If I shutdown shorewall (clear) in the NEW box then it could surf the net and ping etc. When

Question to the list, Has anyone here had experience using Shorewall (multi-isp configuration) with Snort inline? First, is this possible? Second, if anyone has done this, what documentation, if any did they use to set it up? Third, does snort have to run inline on a firewall (I''m under the impression it does)?

Hi there... I want to use MAC validation for strict computer access rules to our server and LAN. I do not want any computer have ANY kind of access (neither LAN or Internet access, not even get an IP from the dhcp server, or being able to connect to anything manually configuring the IP settings) unless its MAC is on the list. Our server has two interfaces (eth0 & eth1) and 2 zones (net and

I''m currently building a firewall for a network with 2 ISP links. Unfortunately, one of the ISP''s doesn''t support BGP yet, otherwise I would be doing load balancing at the router, instead of the firewall. I''ve been trying to find information on how to get WonderShaper working, but everything I''ve found talks about setting it up for a firewall with one

John, I''m taking the liberty of copying the Shorwall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The packages that I uploaded earlier were unfortunately incorrect. I have uploaded the correct packages. The incorrect md5sums are: 14e8f2bfa08cc5ca2715c8b1179d5eb2 shorewall-2.0.10-1.noarch.rpm 54bcbb2216ad3db9870507cd9716fd99 shorewall-2.0.10.tgz c2fe0acc7f056acb56d089cf8dafa39a shorwall-2.0.10.lrp The correct md5sums are:

Content is the same as RC2. http://shorewall.net/pub/shorewall/shorewall-2.0.3 ftp://shorewall.net/pub/shorewall/shorewall-2.0.3 The release will be coming to a mirror near you shortly. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hello List. I''m new here, and am staring off with a pretty common question, i think. I want to have my router DNAT incomeing connections for other IP''s than it''s WAN IP. In my other setup, just adding that IP as Destination Address was enough. But that was a bit older Version of Shorwall. In my new Setup, Shorewall 2.0.7 Debian Sarge, i have this line: DNAT

I have upgraded to trustix 2.1 (kernel 2.4.25-2trfirewall), there is a problem with shorewall (both 1.4.10d and 2.0) and iptables 1.2.9-2tr when I start shorewall I have the following errror: iptables v.1.2.9: Unknown arg ''--icmp-type'' Try ''iptables -h'' or ''iptables --help'' for more information with trustix 2.0 (kernel 2.4.25-2trfirewall)

Hello, This might seem like a strange question but... Is there someway to only allow the Traffic Shaping module of Shorewall to run ? I am already running a bunch of my own firewall and routing scripts and am really interested in the ease of Shorwalls Traffic Shaping module. Does anyone know a way to make it fire up separately without any of the firewall stuff ? (yes I know that sounds bizarre) Thanks very much !!! Any ideas or advice much appreciated. Kind Regards Sylvan ------------------------------------------------------- This...

Hello, Since the ipmasq package has been dropped from debian I decided to migrate to shorewall. My setup is pretty simple: [DSL Modem] -eth0- [shorwall/gateway] -eth1- [local network] ipmasq required that I set the MTU on eth0 to 1492. Migrating to shorewall went well, but a small number of web sites would load slow or not at all. Setting the MTU on eth0 to 1492 and setting CLAMPMSS=Yes

I am running shorewall 2.1.5, recently upgraded from 1.4 and am intrigued with these new actions and have two questions, first, if I create a action.Allow, just like there exists action.Drop and action.Reject, will the actions included in action.Allow be processed just like those in action.Drop? (whether I use this file in /etc/shorewall or /usr/share/shorewall) the most important question: