> What experience have users had using ShoreWall as a bogon filter
> using the Team Cymru full bogon lists

Here is a script I wrote using ipset for this purpose (the IPv4 case). The load of using it as a block list is negligible (and I concurrently use several other larger ones). I wouldn't hesitate to extend it to also run the larger IPv6 case. It's the second example script.

http://forums.gentoo.org/viewtopic-t-863121.html
Spain, Dr. Jeffry A.
2013-Feb-24 01:48 UTC
Re: Full Bogon Filtering (Spain, Dr. Jeffry A.)
>> What experience have users had using ShoreWall as a bogon filter using
>> the Team Cymru full bogon lists

> Here is a script I wrote using ipset for this purpose (the IPv4 case). The load of using it as a block list is negligible (and I concurrently use several other larger ones). I wouldn't hesitate to extend it to also run the larger IPv6 case. It's the second example script.
> http://forums.gentoo.org/viewtopic-t-863121.html

Thanks, John. This is a very well-written article. I will try it out with the IPv6 full bogon list. Also I have opened a support ticket with TW Telecom, our ISP, to find out what they may be doing in this arena.

Jeff.
On Sun, 24 Feb 2013 01:48:26 +0000 "Spain, Dr. Jeffry A." <spainj@countryday.net> wrote:

> Thanks, John. This is a very well-written article. I will try it out
> with the IPv6 full bogon list. Also I have opened a support ticket
> with TW Telecom, our ISP, to find out what they may be doing in this
> arena. Jeff.

Blocking full bogons is really something more appropriate for backbone routers and Layer 2 providers, but you may find your ISP doing it at their node (or possibly even internally). It's kind of overkill at LAN firewall level, but it could theoretically be useful (in much the same way as RFC 1918 blocking).
News
2013-Feb-25 11:04 UTC
RedHat 6.4 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
Hello to the list,

I updated a RedHat server from 6.3 to 6.4 and installed the latest shorewall rpm 4.5.13.0-1.el6. After this, shorewall does not start at boot and shows the error "ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system". After the boot I can start shorewall by hand.

What can I do?

Thanks to everybody

Amedeo
Simon Matter
2013-Feb-25 11:28 UTC
Re: RedHat 6.4 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
> Hello to the list,
> I update a RedHat server from 6.3 to 6.4 and install the last shorewall
> rpm 4.5.13.0-1.el6, after this shorewall not start at boot and show the
> error ERROR: Your kernel/iptables do not include state match support. No
> version of Shorewall will run on this system, after the boot I can start
> shorewall by hand.

Could it be a problem with SELinux?

Simon

> What can I do?
> Thanks to everybody
>
> Amedeo
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
News
2013-Feb-26 18:20 UTC
RESOLVED: Re: RedHat 6.4 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
On 25/02/2013 12.28, Simon Matter wrote:

>> Hello to the list,
>> I update a RedHat server from 6.3 to 6.4 and install the last shorewall
>> rpm 4.5.13.0-1.el6, after this shorewall not start at boot and show the
>> error ERROR: Your kernel/iptables do not include state match support. No
>> version of Shorewall will run on this system, after the boot I can start
>> shorewall by hand.
>
> Could it be a problem with SELinux?
>
> Simon
>
>> What can I do?
>> Thanks to everybody
>>
>> Amedeo

Simon, you're a magician!!!!! :)

The update changed the SELinux labels of iptables; after resetting them it's all OK. I think that when people update from CentOS 6.3 to CentOS 6.4 the world stops.

Here are the commands:

restorecon -Rv /sbin
restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0

Thanks sooo much

Amedeo
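As an added example (not part of the original post or of Shorewall), a check for the condition described in the message above: it parses `restorecon` output in the format quoted there and reports binaries whose current SELinux type differs from the policy's `iptables_exec_t`. The function names, the third sample line and the use of `restorecon -n -R -v /sbin` as a dry run are assumptions of this example; newer `restorecon` versions print a different message format.

```shell
#!/bin/sh
# Added example: find firewall binaries whose SELinux label drifted from policy.
# Expects lines in the format shown in the thread:
#   restorecon reset PATH context CURRENT->POLICY

# Reads restorecon output on stdin and prints "PATH CURRENT_TYPE POLICY_TYPE"
# for every file that policy wants labelled iptables_exec_t but is not.
mislabeled_iptables() {
    awk '
        $1 == "restorecon" && $2 == "reset" && $4 == "context" {
            split($5, ctx, "->")      # ctx[1] = current, ctx[2] = policy default
            split(ctx[1], cur, ":")   # user:role:type:level
            split(ctx[2], want, ":")
            if (want[3] == "iptables_exec_t" && cur[3] != want[3])
                print $3, cur[3], want[3]
        }'
}

# Constructed sample: the two lines from the thread plus one unrelated,
# made-up relabel that must be ignored.
sample_output() {
    cat <<'EOF'
restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
restorecon reset /sbin/example-tool context system_u:object_r:bin_t:s0->system_u:object_r:example_exec_t:s0
EOF
}

# Live check for a post-update hook: -n makes restorecon a dry run, so no
# label is changed. Returns 1 if any iptables binary is mislabeled.
check_live() {
    found=$(restorecon -n -R -v /sbin 2>/dev/null | mislabeled_iptables)
    [ -z "$found" ] && return 0
    echo "mislabeled firewall binaries (run restorecon -Rv /sbin):" >&2
    echo "$found" >&2
    return 1
}

# Demonstration on the constructed sample.
sample_output | mislabeled_iptables
```

Running `check_live` after a package update and before the next reboot catches the mislabel while the firewall is still up.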
Simon Matter
2013-Feb-27 07:53 UTC
Re: RESOLVED: Re: RedHat 6.4 - ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system
> On 25/02/2013 12.28, Simon Matter wrote:
>>> Hello to the list,
>>> I update a RedHat server from 6.3 to 6.4 and install the last shorewall
>>> rpm 4.5.13.0-1.el6, after this shorewall not start at boot and show the
>>> error ERROR: Your kernel/iptables do not include state match support. No
>>> version of Shorewall will run on this system, after the boot I can start
>>> shorewall by hand.
>>
>> Could it be a problem with SELinux?
>>
>> Simon
>>
>>> What can I do?
>>> Thanks to everybody
>>>
>>> Amedeo
>
> Simon you're magician!!!!! :)

Thanks, but I'm afraid the proper description is just someone who has burnt his fingers too many times. SELinux is the hotplate of Linux for me :)

Simon

> the update change the selinux's labels of iptables after reset this it's
> all ok....
> I think that when the people updates frome centos 6.3 to centos 6.4 the
> world stopping
> Here is the commands:
>
> restorecon -Rv /sbin
> restorecon reset /sbin/iptables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
> restorecon reset /sbin/ip6tables-multi-1.4.7 context system_u:object_r:bin_t:s0->system_u:object_r:iptables_exec_t:s0
>
> Thanks sooo much
> Amedeo