search for: subsyslock

hello, while starting shorewall4.5.20 on debian7 I get the following from touch touch: cannot touch `/var/lock/subsys/shorewall'': No such file or directory The needed file can not be created because the directory subsys is not present! If I creat the folder manuallly touch does not complain when shorewall start! Thus it would be nice if durring start shorewall could check if the

I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I start Shorewall I get this: /usr/share/shorewall/firewall: line 204: 4: command not found I looked there and found this: # Run ip and if an error occurs, stop the firewall and quit # run_ip() { if ! ip $@ ; then if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ip

...39;' + trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start + ''['' 1 -ne 1 '']'' + do_initialize + export LC_ALL=C + LC_ALL=C + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + terminator=startup_error + version= + FW= + SUBSYSLOCK= + STATEDIR= + ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + LOGUNCLEAN= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + NAT_BEFORE_RULES= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= +...

Hello, I build a new debian release 1.3.12stable-3 to fix some bugs. ChangeLog --------- 1.3.12stable-3 * /var/state/ does no longer exist. The SUBSYSLOCK variable of shorewall.conf is set to /var/lib/shorewall/state according to FSH (closes: #174776). * /usr/lib/shorewall contained only architecture independent files, those files are moved to /usr/share/shorewall according to FSH (closes: #173266) 1.3.12stable-2 * included in shorewall-doc s...

This version of Shorewall includes the ability to filter by MAC address.=20 The following problems have been corrected: 1. Change LOCKFILE to SUBSYSLOCK in /etc/shorewall/shorewall.conf. 2. The firewall will no longer start if no interfaces are defined. 3. Replaced ''let'' builtin with ''expr'' so that Shorewall will work with ash. -Tom --=20 Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://...

Hi, I''m a long time shorewall user and I like it very much. There is only one thing were I''m not always happy with: the config files. There has been discussion on the list about the comments in the files. My concern is that I loose overview over my configuration because of the many config files. Of course there are advantages too but I thinking wether another config format would

...CCEPT loc $FW::3128 tcp www ACCEPT loc $FW tcp ssh ACCEPT net $FW tcp ssh,auth ACCEPT $FW net udp ntp #[/etc/shorewall/shorewall.conf]-------------------------------------------- --- FW=fw SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall ALLOWRELATED="yes" MODULESDIR="" LOGRATE="1/minute" LOGBURST="5" LOGUNCLEAN=info LOGFILE="/var/log/messages" NAT_ENABLED="Yes" MANGLE_ENABLED="Yes" IP_FORWARDING="On&quo...

...LOGFORMAT="Shorewall:%s:%s:" LOGRATE= LOGBURST= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall/action:/etc/shorewall/custom:/etc/shorewall:/usr/share/shorewall FW=fw IP_FORWARDING=Off ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER...

...CCEPT loc $FW::3128 tcp www ACCEPT loc $FW tcp ssh ACCEPT net $FW tcp ssh,auth ACCEPT $FW net udp ntp #[/etc/shorewall/shorewall.conf]-------------------------------------------- --- FW=fw SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall ALLOWRELATED="yes" MODULESDIR="" LOGRATE="1/minute" LOGBURST="5" LOGUNCLEAN=info LOGFILE="/var/log/messages" NAT_ENABLED="Yes" MANGLE_ENABLED="Yes" IP_FORWARDING="On&quo...

...quot;Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= IPSECFILE=zones FW= IP_FORWARDING=Keep ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=Internal CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_T...

...No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No RETAIN_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No M...

...ILE=/var/log/firewall LOGFORMAT="Shorewall:%s:%s:" LOGRATE= LOGBURST= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=yes ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTE...

...quot;Shorewall:%s:%s:" LOGTAGONLY=No LOGRATE= LOGBURST= LOGALLNEW= BLACKLIST_LOGLEVEL= MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info LOG_MARTIANS=No IPTABLES= PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= IPSECFILE=zones LOCKFILE= DROP_DEFAULT="Drop" REJECT_DEFAULT="Reject" ACCEPT_DEFAULT="none" QUEUE_DEFAULT="none" NFQUEUE_DEFAULT="none" RSH_COMMAND=''ssh $...

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

...:%s:" LOGLIMIT="" LOGBURST="" BLACKLIST_LOGLEVEL=info LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK="" STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=Keep ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=No TC_ENABLED=No CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=No CLAMPMSS=No ROUTE_FILTER=Yes DETECT_DNAT_IPADDRS=No MUTEX_TIMEOUT=60...

...S_LOG_LEVEL=info CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" GEOIPDIR=/usr/share/xt_geoip/LE IPTABLES= IP= IPSET= LOCKFILE= MODULESDIR= PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin" PERL=/usr/bin/perl RESTOREFILE=restore SHOREWALL_SHELL=/bin/sh SUBSYSLOCK=/var/lock/subsys/shorewall TC= ACCEPT_DEFAULT=none DROP_DEFAULT=Drop NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none REJECT_DEFAULT=Reject RCP_COMMAND=''scp ${files} ${root}@${system}:${destination}'' RSH_COMMAND=''ssh ${root}@${system} ${command}'' ACCOUNTING=Yes ACCOUNTING...

I have what strikes me as an odd problem with shorewall. Let me describe my setup. My desktop (alfred) is connected to the network through an ADSL modem. I am running rp-pppoe, and this works perfectly. I have a small home network, with two LANs; an Ethernet LAN (including a machine running Windows XP), and a WiFi LAN, including the laptop (william) I am using now. All the computers except for

...LOGFORMAT="Shorewall:%s:%s:" LOGRATE= LOGBURST= BLACKLIST_LOGLEVEL= LOGNEWNOTSYN=info MACLIST_LOG_LEVEL=info TCP_FLAGS_LOG_LEVEL=info RFC1918_LOG_LEVEL=info SMURF_LOG_LEVEL=info BOGON_LOG_LEVEL=info PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin SHOREWALL_SHELL=/bin/sh SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall MODULESDIR= CONFIG_PATH=/etc/shorewall:/usr/share/shorewall RESTOREFILE= FW=fw IP_FORWARDING=On ADD_IP_ALIASES=Yes ADD_SNAT_ALIASES=no TC_ENABLED=Yes CLEAR_TC=Yes MARK_IN_FORWARD_CHAIN=Yes CLAMPMSS=No ROUTE_FILTER=No DETECT_DNAT_IPADDRS=No MUTE...

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get