search for: startup_disabled

...o include a section in the Upgrade article saying: "If you ignore the above instructions and/or do something else, then here are a list of things that might bite you" I''ll think about what I can do in the near term... My long-term approach to this problem in 2.1 is to add a STARTUP_DISABLED variable to shorewall.conf. This will replace the /etc/shorewall/startup_disabled file and the /etc/default/shorewall entry on Debian. That way, I can add (and the Debian maintainer can suppliment) text near STARTUP_DISABLED that tells people what to look out for if they decide to install a new...

...65.128/27 eth1 64.140.165.128/27 eth2 64.140.165.128/27 /etc/shorewall/rules ACCEPT net fw tcp 80 # HTTP ACCEPT net fw tcp 443 #HTTPS ACCEPT net fw tcp 22 # SSH ACCEPT net fw tcp 25 # SMTP ACCEPT net fw tcp 465 # SMTP over SSL /etc/shorewall/zones net Net Internet Then deleted "startup_disabled" and everything else was left at their default settings. Then I started shorewall: /etc/rc.d/init.d/shorewall start And I''ll be darn, the outside world is not able to connect to any services which I enabled via "rules" (can''t connect to anything). I''v...

> One thing : the shorewall is not starting at boot, how to do it ? Did you remove the "startup_disabled" file from the /etc/shorewall directory? yes, thsi file was removed ... F?bio Rabelo

...hen an address is blacklisted using these new commands, it will be blacklisted on all of your firewall''s interfaces. 2) Thanks to Steve Herber, the help command can now give command-specific help. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A new option "ADMINISABSENTMINDED" has been added to /etc/shorewall/shorewall.conf. For existing users, this option has a default value of "No" in which case...

...s are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The ''functions'' and ''version'' files and the ''firewall'' symbolic link have been moved from /var/lib/shorewall to /usr/lib/shorewall to appease the LFS police at Debian. -Tom -- Tom Eastep \ Shorewall - iptables made e...

...LE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A change introduced in version 1.4.6 caused error messages during "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being added to a PPP interface; th...

...LE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A change introduced in version 1.4.6 caused error messages during "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being added to a PPP interface; th...

I''m running a Fedora Core 1 Samba server and Shorewall 2.0.1 Connections to Samba shares from both loc hosts and the fw host are usually impossible, unless I boot the Server and connect a loc machine to a Samba share before starting Shorewall. This requires manually toggling the startup_disabled filename and starting Shorewall manually after each boot. I used the two-interface guide: (http://www.shorewall.net/two-interface.htm) eth0 is my local network and eth1 connects to a router/DHCP server >> cable modem and internet. Next, I fixed the iptables messages problem with the firew...

...NGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A change introduced in version 1.4.6 caused error messages during "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being added to a PPP interface; the...

...NGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A change introduced in version 1.4.6 caused error messages during "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being added to a PPP interface; the...

...self. $LEVEL = Log level. If empty, no logging was specified. $TAG = Log Tag. Example: /etc/shorewall/rules: acton:info:test Your /etc/shorewall/acton file will be run with: $CHAIN="acton1" $LEVEL="info" $TAG="test" 6) The /etc/shorewall/startup_disabled file is no longer created when Shorewall is first installed. Rather, the variable STARTUP_ENABLED is set to ''No'' in /etc/shorewall/shorewall.conf. In order to get Shorewall to start, that variable''s value must be set to ''Yes''. This chan...

...NGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A change introduced in version 1.4.6 caused error messages during "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being added to a PPP interface; the...

...NGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when /etc/shorewall/startup_disabled exists. This prevents people from shooting themselves in the foot prior to having configured Shorewall. 4) A change introduced in version 1.4.6 caused error messages during "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were being added to a PPP interface; the...

Hi there, Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need. Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled