similar to: Survey time again?

Greetings to all of the Shorewall community! We''d like to find out a little more about the environments in which Shorewall runs, and to this end i''ve created a survey. It is mostly designed to allow Shorewall users to see how their environment compares with that of the average Shorewall user (if such a thing exists!), but the results may be used by the Shorewall team to assist

Anyone know how/where we can get some? It has been raised before: http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013594.html I''d like to see an IRC or Jabber service for both support and development. -- Paul <http://paulgear.webhop.net> -- Did you know? OpenOffice.org has built-in PDF creation. Better yet, it''s compatible with Microsoft Office, and

Guys, Just a quick check. From what i have read in the shorewall site, intrazone traffic is allowed completely by shorewall i.e. there is no filtering or packet size limiting ,etc,etc. I ask this becos after getting shorewall up and running well, someone has complained that they cannot print pdf files larger than 100k at one go but that they have to print one page at a time. Some details;

Hi folks, I''m conducting a straw poll for your opinions on whether we should send CVS commit logs (probably with diffs) to the shorewall-devel list, or to another (new) list? I can see advantages to both ways: separate lists mean that people who aren''t contributing code don''t get flooded with code noise, but a single list will help keep everyone involved in the

Hi folks, I''ve added a couple of ''help wanted'' ads to our SourceForge project. You can see them at http://sourceforge.net/people/?group_id=22587 I''ll add more as i have the opportunity. If you can think of other jobs we need to assign, please let me know. -- Paul <http://paulgear.webhop.net> -- Did you know? Using accepted quoting conventions makes

Hi folks, As requested earlier in the week, i''ve done some cleaning on my little script to manage shorewall configurations across multiple firewalls, and the results are available now. You can find a (rather banal) pointer at: http://paulgear.webhop.net/linux/#shoregen Download it at: http://paulgear.webhop.net/linux/RPMS/noarch/shoregen-0.1.1-1.noarch.rpm For you non-RPM types,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks (mostly Tom), In which shorewall configs is the ordering of entries significant? I know about rules & policies, and if i remember correctly zones under some circumstances (when one is a sub-zone of another), but are there any others? I am trying to work out (for my multi-firewall preprocessing script) whether i need to process

Hi folks, Over the weekend Ron has made some good progress with functionality available at http://devel.shorewall.net, and i''ve converted all of the content i had placed at http://shorewall.dyndns.org (which is now a redirect to the former). Please have a look around and give your feedback, either here or on the site itself. -- Paul <http://paulgear.webhop.net> -- Did you know?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Can someone refresh my memory on the difference between the following (where dmz contains an RFC 1918 address host)? ACCEPT net dmz tcp 80 - all DNAT net dmz tcp 80 I''m trying to generate a script for maintaining multiple interconnected firewalls from shared policy, rules, and zone files, and i

Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups

Hi folks, Last night and this morning i''ve hacked up a quick web site for coordinating our development work based on Drupal (http://drupal.org). You can find it at: http://shorewall.dyndns.org I''ve put a few ideas in there - feel free to use the comments or sign up for an account and create your own pages (particularly in the two books about development and web site work).

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Quick question: can anyone remember the reason why all the config files end in ''#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE'' or something similar? I''m starting work on a shorewall preprocessor that will allow multiple firewalls to be administered from a single system (not a GUI, though), and

Hi folks, When we first started talking about Shorewall post-Tom, a few people offered to help with testing. Would those people please raise their hands again? :-) I''m investigating Nicolas Helleringer''s recent message on shorewall-users (http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018898.html), and a good test environment would come in really handy,

Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to

I have looked through the new "Complex Surveys" book and the documentation for the "survey" package and it appears to me that there are no functions in "survey" that help one to design a sampling scheme. For example, in the book section 2.8 discusses the design of stratified samples, but there is no mention of any functions in the "survey" package that

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and

Dear Kevin, In addition to the advice you've received, take a look at the survey package. It's not quite what you're asking for, but in fact it's probably more useful, in that it provides correct statistical inference for data collected in complex surveys. The package is described in an article, T. Lumley (2004), Analysis of complex survey samples, Journal of Statistical Software

Dear shorewall list enthusiasts, I recently set up a dedicated linux box running shorewall in order to isolate my network from the "evil other side" :) It works so well that I first have to thank and congratulate everybody that took part in this project ! Then, I have a question, that separates my setup from "wonderful" to "heaven" : I activated the

hello Tom >Another very likely cause is that Shorewall-shell is generating a pkttype >test to identify multicast packets. This can be unreliable and can be >avoided by setting PKTTYPE=No in shorewall.conf. After using PKTTYPE=No in shorewall.conf , my syslog is clean now. Do you mean that adding the following line in /etc/shorewall/interfaces is suffiscient? dmz eth1

I set up a firewall following: http://www.shorewall.net/MultiISP.html Using shorewall 4.0.5 and a 2.6.22 kernel Attached a dump from shorewall. It''s setup for testing. I have an internal host set to it as the default route. The ipsec.conf file is renamed to keep it from messing up the vpns. Most things are working OK. I''m a bit concerned that all the outgoing nat traffic is