search for: soini

...#39;'t load match `-j'':/lib/iptables/libipt_-j.so: cannot open shared object file: No such file or direct ory Try `iptables -h'' or ''iptables --help'' for more information. + [ 2 -ne 0 ] + [ -z ] + stop_firewall + set +x Any hint how to fix this? -- Tuomo Soini <tis@foobar.fi>

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall...

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

...run_iptables -A $inchain -p udp -s $1 --sport 500 --dport 500 $options else run_iptables -A $inchain -p udp -s $1 --dport 500 $options + run_iptables -A $inchain -p udp -s $1 --dport 4500 $options fi for z in `separate_list $3`; do -- Tuomo Soini <tis@foobar.fi> http://tis.foobar.fi/

...ot;." in interface name. Tom, do you have any idea how to fix this? I''d fix it myself but I don''t know shorewall code well enough yet. If you can give me a hint I''ll check code and try to fix it, but that''s later, now it''s quite late. -- Tuomo Soini <tis@foobar.fi> http://tis.foobar.fi/

Hi folks, I''m conducting a straw poll for your opinions on whether we should send CVS commit logs (probably with diffs) to the shorewall-devel list, or to another (new) list? I can see advantages to both ways: separate lists mean that people who aren''t contributing code don''t get flooded with code noise, but a single list will help keep everyone involved in the

...d thing(tm). I found out that deleting host from dynamic zone gives warning when host is not in zone but is successful. I changed add code to work same way. I fixed shorewall delete warning message too, it didn''t give all correct information. Patch is against shorewall 2.2.5 - -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFClIdJTlrZKzwul1ERAmbkAJsFC72PWsZQTShPwNbkAThvHW2daQCeO6Kx /YAYv...

shorewall-docs-html-1.4.10a is missing following files: Banner.htm Shorewall_index_frame.htm seattle_firewall_index.htm Or there should be different index.htm in tar. There might be other missing files but that''s what I found out immidiately when I tried to check local docs. -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/>

Although 1.4 is now released, there is one aspect of Shorewall''s design that I''m still quite unhappy with. It involves two areas: a) when and when not to create rules to allow inbound traffic on an interface to be routed back out that same interface. b) intrazone traffic. I''m currently running 1.4.0 plus a change that: a) Allows intrazone traffic unconditionally --

All, I have been using Shorewall successfully for years on many different machines and configurations. However, I just built a new box and wanted to setup shorewall on it. I''m running SuSE Linux Enterprise Server 11 and Shorewall 4.4.8 (latest version as of this e-mail) using the RPM download. I am able to install Shorewall just fine and I''m able to setup everything except

...ed to wonder why shorewall restart did _not_ clear TC rules after TC was disabled? So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is disabled automatically. Question is: should TC_ENABLED=No disable CLEAR_TC? Now it''s doing so. Shorewall is version 2.0.7. - -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBINrmTlrZKzwul1ERAosBAJ9RIyGxbWa2AbOx/XfnN+sUVg0MwwCeLhSd aGcfg...

Just something I patch in my rpm set to make shorewall configurable. -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/> -------------- next part -------------- --- shorewall-2.0.2d/install.sh.orig 2004-05-28 03:17:01.000000000 +0300 +++ shorewall-2.0.2d/install.sh 2004-05-30 01:08:00.000000000 +0300 @@ -87,11 +87,20...

...n't reproduce that in normal system but that happens something like every second try in mock chroot build envirnoment. Other tests don't have issues so it looks like test is not very reliable. Building 2.3.4 didn't yet have this issue. ./test-http-payload -D output attached. -- Tuomo Soini <tis at foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> -------------- next part -------------- A non-text attachment was scrubbed... Name: fail.log.gz Type: application/gzip Size: 29583 bytes Desc: not available URL: <https://dovecot.org/pipermail/dov...

Many people prefer to use LMTP for delivery from postfix for better efficiency but X-Original-to header support still missing after many years. One affect of this is need to set sieve_vacation_dont_check_recipient = yes which violate Sieve standard and cause auto-replyies sent to messages that should not happen. Or abandon LMTP. or abandon postfix?? So while feature request is stalled are

On 2019-05-22 08:18, Tuomo Soini via dovecot wrote: > On Tue, 21 May 2019 18:24:46 +0000 > MRob via dovecot <dovecot at dovecot.org> wrote: > >> Many people prefer to use LMTP for delivery from postfix for better >> efficiency but X-Original-to header support still missing after many >> years. One...

...aracters. --log-prefix "Shorewall:ipsec2ipsec:1:REJECT:" So zone names should be limited to 4 characters or default logformat needs change. My fix was to change to: LOGFORMAT="Shw:%s:%d:%s:" But there still is limit to zone name length which needs to be enforced. -- Tuomo Soini <tis@foobar.fi> Linux and network services Foobar Oy <http://foobar.fi/>

I have implemented the ability to specify ''all'' in the SOURCE and DESTINATION columns of the rules file and I''m not sure I like the result. The code is in CVS if any of you are interested in giving it a try. If you do try it, please let me know what you think. If you specify ''all'' in those columns it must not be qualified (may not be followed by

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone

...this code is quite complex, Should code check for existence of -d and -s parameters and use -I instead of -A when adding those rules to dynf chain or what''s least wrong fix for that. I''ve just stared at that code too many hours today and could use a good advice. :-) - -- Tuomo Soini <tis@foobar.fi> Linux and network services +358 40 5240030 Foobar Oy <http://foobar.fi/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFClz7xTlrZKzwul1ERAix+AKChWxsudvZlK0ph+DnZwboRxC2rHgCfaQ3/ rWOGR...