similar to: ipp2p traffic not rejected

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list

Hi, I''m running mldonkey on same box as shorewall. I follow this http://mldonkey.sourceforge.net/ShorewallConfiguration to open ports for edonkey protocol I add in /etc/shorewall/rules: # eDonkey 2000 ACCEPT net $FW tcp 4662 ACCEPT net $FW udp 4666 but I could not connect to any edonkey server. I check logs and notice that udp traffic on port 4666 is still dropped. Jul 8 22:35:57

Hi, I''m trying to add following iptables rules to shorewall: iptables -I INPUT -d 192.168.1.1 iptables -I OUTPUT -s 192.168.1.1 What should I put in my custom action or any ware else? I need these rules for munin accounting. iptables -L INPUT -v -n -x Chain INPUT (policy DROP 5 packets, 260 bytes) pkts bytes target prot opt in out source destination 7175

Hi, I am experimenting a little bit with my firewall and I don''t seem to get my head round marks ... I try to mark p2p packets generated on the firewall in the output chain and then try to match that mark either in NAT OUTPUT or POSTROUTING I don''t seem to get the expected result. Any help or clue would be more than welcome. root@droopy:~/firewall > iptables-view -t

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at

Hi, I get this error when trying to insmod the ipp2p kernel module: "insmod: error inserting ''ipt_ipp2p.ko'': -1 Invalid module format" in the kernel log: "ipt_ipp2p: disagrees about version of symbol struct_module" Kernel version 2.6.20.4 iptables version: 1.3.5 ipp2p version: 0.8.2 (latest) Anyone tried ipp2p with kernel 2.6.20? Best Regards Niclas

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

Hello, loading conntrack resolve my problem ... layer 7 have got a dependency with conntrack but doesn''t load it automaticaly... so module is loaded but no packets match with l7-protocols ... reported as a bug http://sourceforge.net/tracker/index.php?func=detail&aid=1596065&group_id=80085&atid=558668 regards ArcosCom Linux User a écrit : > With: >

https://bugzilla.netfilter.org/show_bug.cgi?id=1224 Bug ID: 1224 Summary: nft export json fails with successful return code Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi. I have a Server''s network with some servers in it, all with 192.168.1.0/25 ips. There is also a router in that network with ip 192.168.1.1. This router also connected to a client''s network 10.10.0.0/16 with ip 10.10.100.1. All services on each server are given their virtual address from one of two virtual networks 192.168.1.128/28 and 192.168.1.144/28. 192.168.1.128/28 is

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hello! Our dormitory has a linux router w/ two DSL links to the Internet; we used ipp2p (http://ipp2p.org/) for filtering peer to peer traffic (as we can not tell whether the content transferred using such p2p tools has been obtained legally or not, so we block that traffic). Up to yesterday we were using kernel 2.6.10.11, which worked perfectly with ipp2p. Now we updated to kernel 2.6.17.4, and

Hello, I''m trying to use iptables rules to prioritize p2p trafic. I use ipp2p-0.8 but it give me errors : Ipt-ipp2p : unknow symbol ntohl Ipt-ipp2p : unknow symbol ntohs When i compiled ipp2p it gave me warnings : "ntohs" …/ipt-ipp2p.ko undefined "ntohl" …/ipt-ipp2p.ko undefined Any suggestion ? gege

Hi, if I want to block ALL p2p traffic, ( bit torrent and apple included )... which is better ? # iptables -A FORWARD -p tcp -m ipp2p --ipp2p --bit --apple -j DROP or... # iptables -A FORWARD -p tcp -m ipp2p --ipp2p -j DROP # iptables -A FORWARD -p tcp -m ipp2p --bit -j DROP # iptables -A FORWARD -p tcp -m ipp2p --apple -j DROP ??? bests andres

Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

Hello every body: I have RedHat fedora core 2 machine, using iptables and squid. I am having a lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have installed ipp2p from rpm. Every thing was ok until I use iptables rules. I get this error. [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP iptables: No chain/target/match by that name sames

Hello Guys ( and girls, if is there any here :) ), I have a box with IPP2P Installed on it (Debian Etch, ipp2p 0.8.2 tarball, iptables 1.3.6 and kernel 2.6.21), and I''ve identified a problem: I use iptables to apply a mark on the traffic that ipp2p classifies as p2p. In my tc rules, I have granted bandwidth to many traffic classes (http, ssh, streaming, games, p2p, etc) and one

Hello, can anybody interpret what the following means: [root@funke ipp2p-0.8.0]# iptables -t mangle -A MarkList0x666-ipp2p -p tcp -m ipp2p --edk -j MarkSet0x666 iptables: Unknown error 4294967295 ----- I have installed ipp2p-0.8.0 via: make copied ipt_ipp2p.ko to my kernel lib dir copied libipt_ipp2p.so to my iptables lib dir insmod ipt_ipp2p gives the following in dmesg: IPP2P v0.8.0