similar to: Shorewall 4.4.14 RC 1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM virtual servers on the default libvrt virbr0 bridge at the default vnet+ bridge ports. The bridge and ports are on a separate private subnet (192.168.122.0/24). Each bridge port and the bridge itself are in the dmz, there are two physical interfaces and private local subnets in loc, and

Togan Muftuoglu has just informed me that Shorewall is now available in the following repositories: <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.2> <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.3> <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory> Thanks Togan!! -Tom -- Tom Eastep

In case you haven''t guessed by recent development list traffic, RC 1 is now available for testing. There are no new features since Beta 3 -- Just bug fixes. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car

In case you haven''t guessed by recent development list traffic, RC 1 is now available for testing. There are no new features since Beta 3 -- Just bug fixes. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car

RC 1 is now available for testing. This version corrects several problems in Beta 3: 1) Release notes now correctly refer to FORWARD_CLEAR_MARK rather than CLEAR_FORWARD_MARK. 2) The NET3 column in /etc/shorewall/netmap now works correctly. 3) A missing closing quote in the generated script when using REQUIRE_INTERFACE=Yes has been corrected. 4) The compiler now correctly detects the

RC 1 is now available for testing. This version corrects several problems in Beta 3: 1) Release notes now correctly refer to FORWARD_CLEAR_MARK rather than CLEAR_FORWARD_MARK. 2) The NET3 column in /etc/shorewall/netmap now works correctly. 3) A missing closing quote in the generated script when using REQUIRE_INTERFACE=Yes has been corrected. 4) The compiler now correctly detects the

Beta 4 is now ready for testing. http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/ ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/ ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 Beta 4

Beta 2 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair from Shorewall 4.5.17.1. 2) The following warning message could be emitted

Beta 1 is now available for testing. New Features: 1) AUTOMAKE=Yes now causes all directories on the CONFIG_PATH to be searched for files newer than the script that last started/restarted the firewall. 2) FORMAT-2 actions may now specify default parameter values using the DEFAULTS directive. DEFAULTS <def1>,<def2>,... Where <def1> is the default

Beta 1 is now available for testing. New Features: 1) AUTOMAKE=Yes now causes all directories on the CONFIG_PATH to be searched for files newer than the script that last started/restarted the firewall. 2) FORMAT-2 actions may now specify default parameter values using the DEFAULTS directive. DEFAULTS <def1>,<def2>,... Where <def1> is the default

Shorewall 4.5.6 RC 1 is now available for testing. Problems corrected since Beta 4: 1) In the generated script, the logic for handling wildcard interfaces with the ''wait=n'' option was incorrect. For each matching interface, the script would check its readiness n times in rapid succession. The script now sleeps 1 second between checks. 2) Previously, the tcrules

Shorewall 4.5.6 RC 1 is now available for testing. Problems corrected since Beta 4: 1) In the generated script, the logic for handling wildcard interfaces with the ''wait=n'' option was incorrect. For each matching interface, the script would check its readiness n times in rapid succession. The script now sleeps 1 second between checks. 2) Previously, the tcrules

In kernel 2.6.31, the handling of the rp_filter interface option was changed incompatibly. Previously, the effective value was determined by the setting of net.ipv4.config.dev.proxy_arp logically ANDed with the setting of net.ipv4.config.all.proxy_arp. Beginning with kernel 2.6.31, the value is the arithmetic MAX of those two values. Additionally, a ''loose'' routefiltering

Hello, This is using version 4.4.11.3 (Debian). The following error occurs: ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc : The configuration is a test config. Commented lines removed to keep it clear: # cat zones fw firewall loc ipv4 # cat interfaces loc eth1 - # cat hosts loc eth1:10.128.23.34/16 # cat policy all all ACCEPT

Hi All, I''m using shorewall 4.0.15-1 on debian 5.0.5 and It works fine. I want to start using rules based on users. This is supported in the shorewall-rules file, However it seems that each rule can only be associated with one user or group. Does this mean that I cannot have a rule apply to several users which belong to several groups? Will creating duplicate rules for each user

In the docs at http://www.shorewall.net/Shorewall-perl.html, "Your ipsets must be loaded before Shorewall starts. You are free to try to do that with the following code in /etc/shorewall/start" implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts. In the default /etc/shorewall/start # /etc/shorewall/start # # Add commands below that you want to be

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

Hi all, I am looking for an easy shorewall log analyzer, nothing too fancy, just the most blocked traffic on a firewall by IP and port, preferably in daily reports or so. Which tool are you using? Thanks in adv, Erwin ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the

Tom & others, Two suggestions for small improvements in shorewall-interfaces.man. 1. Option dhcp, criterion 3., change "you have a static IP but are on a LAN segment with lots of DHCP clients." to "the interface has a static IP but is on a LAN segment with lots of DHCP clients." 2. Can the effect of the dhcp option be described briefly in one or