similar to: Shorewall 4.5.6 RC 1

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

Shorewall 4.5.5.2 is now available for download. Problems Corrected: 1) Previously, when ipp2p was used in the /etc/shorewall/tcpri file, the generated code for saving the packet mark was clearing the connection marks fields not having to do with traffic shaping. It now only alters the traffic-shaping part of the connection mark. 2) Shorewall 4.4.11 allowed UID and GID ranges

Hello all, I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ? Thanks Fred

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

Beta 1 is now available for testing. Problems Corrected: 1) This version includes all defect repairs from Shorewall 4.5.2.1 - 4.5.2.3. 2) The LOCKFILE setting in shorewall.conf and shorewall6.conf had become inadvertently undocumented. It is now documented again. New Features: 1) The ''-T'' option is now supported in the Shorewall and Shorewall6

Beta 1 is now available for testing. Problems Corrected: 1) This version includes all defect repairs from Shorewall 4.5.2.1 - 4.5.2.3. 2) The LOCKFILE setting in shorewall.conf and shorewall6.conf had become inadvertently undocumented. It is now documented again. New Features: 1) The ''-T'' option is now supported in the Shorewall and Shorewall6

Hi, How can I tell shorewall to block any ip address if it generate x no of request within x no of seconds. I want to filter SYN, ICMP and HTTP Get floods etc. Is it possible have a minimum local level deterrence against ddos attacks at firewall level? -- AzfarHashmi Cloudways Your Managed Cloud e: azfar.hashmi@cloudways.com w: www.cloudways.com <http://www.cloudways.com> PGP

Dear All, I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, after upgrade i can''t start shorewall with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I try to search on the net about this, but no still no light. Somebody can help me? Great appreciate for any help. Regards,

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

Hello Asterisk sits in a Vserver guest (192.168.3.9) on the firewall. I can''t seem to get the sip helper to mark the SIP packets though. I have an ftp client on a different Vserver guest on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt"

Hi, Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error

When Shorewall refreshes the config I get following in the log.. kernel: ip_tables: MARK target: only valid in mangle table, not filter logger: Shorewall refreshed Is that something I should worry about? Thanks P.S.  shorewall version 4.5.0.2 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the

Tom, There appears to be a broken link on the online manpage for shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html " *GEOIPDIR*=[/pathname/] Added in Shorewall 4.5.4. Specifies the pathname of the directory containing the /GeoIP Match/ database. See http://www.shorewall.net/ISOCODES.html. If not specified, the default value is

any howto for this ? will shorewall-lite with ssh work if the hardware router have ssh login ? just imho ssh commands is not iptables at all :( even the router is linux kernels, any google hints ? -- Benny Pedersen ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s

Just installed psad and am testing it. This morning I awoke to an email saying: [-] You may just need to add a default logging rule to the /sbin/ip6tables ''filter'' ''INPUT'' chain on hydra. For more information, see the file "FW_HELP" in the psad sources directory or visit: http://www.cipherdyne.org/psad/docs/fwconfig.html Well I have

On http://www.shorewall.net/ISO-3661.html in the ''Introduction'', shouldn''t that /etc/shorewall/rules instead of /etc/shorewall/tcrules ? Bill ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT

I know someone who for the past 4 days has been having the heck ddosed out of him. He runs a gaming server, and ran a report on the ddos; he has 8 pages of that and a few hours ago there were 16 pages. They''re attacking his machine on random ports and he blocks UDP traffic on those ports, but they keep attacking on other ports. So far he''s banned over 800,000 IP''s.

I''m using Roberto''s squeeze repository on an old lenny VM that I just updated from 4.5.2.something to 4.5.3. After the update I was seeing this during start/restart: Initializing... /usr/share/shorewall/modules: line 19: ?INCLUDE: command not found /usr/share/shorewall/modules: line 23: ?INCLUDE: command not found /usr/share/shorewall/modules: line 27: ?INCLUDE: command not

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net