similar to: Shorewall 4.5.3 Beta 1

Shorewall 4.5.5.2 is now available for download. Problems Corrected: 1) Previously, when ipp2p was used in the /etc/shorewall/tcpri file, the generated code for saving the packet mark was clearing the connection marks fields not having to do with traffic shaping. It now only alters the traffic-shaping part of the connection mark. 2) Shorewall 4.4.11 allowed UID and GID ranges

Shorewall 4.5.6 RC 1 is now available for testing. Problems corrected since Beta 4: 1) In the generated script, the logic for handling wildcard interfaces with the ''wait=n'' option was incorrect. For each matching interface, the script would check its readiness n times in rapid succession. The script now sleeps 1 second between checks. 2) Previously, the tcrules

Shorewall 4.5.6 RC 1 is now available for testing. Problems corrected since Beta 4: 1) In the generated script, the logic for handling wildcard interfaces with the ''wait=n'' option was incorrect. For each matching interface, the script would check its readiness n times in rapid succession. The script now sleeps 1 second between checks. 2) Previously, the tcrules

Dear All, I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, after upgrade i can''t start shorewall with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I try to search on the net about this, but no still no light. Somebody can help me? Great appreciate for any help. Regards,

I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

any howto for this ? will shorewall-lite with ssh work if the hardware router have ssh login ? just imho ssh commands is not iptables at all :( even the router is linux kernels, any google hints ? -- Benny Pedersen ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s

Hi, Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error

Hello all, I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ? Thanks Fred

Hi All It''s about time to upgrade my shorewall routers again so thinking of possible changes. In our main office have managed switches and 5 xen servers. I''m thinking of running the firewall/router under xen. Don''t have all the details figured out but this is roughly what I''m thinking of: Set up separate vlan for the two isps and plug isps into the switch.

Hi, How can I tell shorewall to block any ip address if it generate x no of request within x no of seconds. I want to filter SYN, ICMP and HTTP Get floods etc. Is it possible have a minimum local level deterrence against ddos attacks at firewall level? -- AzfarHashmi Cloudways Your Managed Cloud e: azfar.hashmi@cloudways.com w: www.cloudways.com <http://www.cloudways.com> PGP

I''m using Roberto''s squeeze repository on an old lenny VM that I just updated from 4.5.2.something to 4.5.3. After the update I was seeing this during start/restart: Initializing... /usr/share/shorewall/modules: line 19: ?INCLUDE: command not found /usr/share/shorewall/modules: line 23: ?INCLUDE: command not found /usr/share/shorewall/modules: line 27: ?INCLUDE: command not

Hello Asterisk sits in a Vserver guest (192.168.3.9) on the firewall. I can''t seem to get the sip helper to mark the SIP packets though. I have an ftp client on a different Vserver guest on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt"

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

When Shorewall refreshes the config I get following in the log.. kernel: ip_tables: MARK target: only valid in mangle table, not filter logger: Shorewall refreshed Is that something I should worry about? Thanks P.S.  shorewall version 4.5.0.2 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the

Tom, There appears to be a broken link on the online manpage for shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html " *GEOIPDIR*=[/pathname/] Added in Shorewall 4.5.4. Specifies the pathname of the directory containing the /GeoIP Match/ database. See http://www.shorewall.net/ISOCODES.html. If not specified, the default value is

Just installed psad and am testing it. This morning I awoke to an email saying: [-] You may just need to add a default logging rule to the /sbin/ip6tables ''filter'' ''INPUT'' chain on hydra. For more information, see the file "FW_HELP" in the psad sources directory or visit: http://www.cipherdyne.org/psad/docs/fwconfig.html Well I have