similar to: Problem with iprange in shorewall 4.0.2

Hi, enabling this line in hosts file "WAN eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 routeback,blacklist,tcpflags" results in this error message -- Preparing iptables-restore input... Running /usr/sbin/iptables-restore... iptables-restore v1.3.8: error creating chain ''ACCEPT'':File exists Error occurred at line: 29 Try

http://bugzilla.netfilter.org/show_bug.cgi?id=639 Summary: iptables iprange Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P1 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: paulo.santos at

Perhaps someone can help me understand why this is happening. I''m trying to write a script using ''shorewall iprange'' to parse some ip ranges into subnets so that i can place them into the blocklist. I keep getting an error when i run the script though. Here is the script: #!/bin/csh foreach i (`cat ipranges`) shorewall iprange $i >>

Hi, usually my shorewall inst. uses compiler=perl. While some tests I changed my config to compiler=shell, and in this case I get an error like this: -------------------------------------------------------- Setting up TCP Flags checking... iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0'' not found Try `iptables -h'' or ''iptables --help'' for more

http://bugzilla.netfilter.org/show_bug.cgi?id=711 Summary: iptables -m iprange causes unknown error Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: ip_tables (kernel) AssignedTo: netfilter-buglog at

http://bugzilla.netfilter.org/show_bug.cgi?id=742 Summary: ip6tables "-m iprange" ipv6 range detection Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: SuSE Linux Status: NEW Severity: critical Priority: P5 Component: ip6_tables (kernel) AssignedTo:

I often find myself doing, whois some.damned.ip.address and then copying and pasting the address range for the miscreant in question, and doing, shorewall iprange x.x.x.x-y.y.y.y with the aim to drop the entire range. My one minor complaint is that I often have to edit out the spaces between the hyphen when copying and pasting the address range returned by whois. I tweaked the shorewall

Hello list!: Well, I was able to install xen 2.0.7 using a 2.4.30 kernel in a domU. The domU have installed gcc3.4 .. after yum -y install compat-gcc* and put CC=gcc33 in all make commands and other changes as here: http://lists.xensource.com/archives/html/xen-users/2005-08/msg00258.html I''m trying to use the iprange match, but every time when I want apply a rule I receives:

https://bugzilla.netfilter.org/show_bug.cgi?id=922 Summary: iprange: --ports is not suppported Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy: anarey

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

Good morning, We''ve been testing PE and beginning developing modules for our infrastructure. One of the modules I''m looking to create is an installation for Splunk, with the primary focus at this time, on the Forwarder. I already have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package being fetched from the Master and also performing the installation via dpkg. I

Hello list, I discover strange behaviour of shaping traffic that i setup from Shorewall-4.0.2. I know that this is not Shorewall problem but may be somebody from list can help me or explain this situation. I have follow interfaces in 'tcdevices' files: #INTERFACE IN-BANDWITH OUT-BANDWIDTH # $EXT_IF 500kbit 248kbit $INT1_IF 500mbit

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and

Hi Shorewall Users :) I have found shorewall firewall and seems to be interesting. I need to setup a configuration my my network users because i only have 50gb of traffic per month. I want to know if the shorewall can make a 48gb per month limit, but everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count. Can shorewall do that ? -- Sem Mais Rui Oliveira 351 - Portugal

Hi. What system or software are you using to show the iptables log files (for example the dropped packages tagged as LOG in the Shorewall rules)? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files

Hi, I am one of the developers of the FreeWRT project and I want to give you some feedback. Shorewall runs quite fine on our supported devices, but we need to patch Shorewall to get it running as expected. The problem is the ip command and busybox 1.4.2. Some words about busybox: BusyBox is a multi-call binary that combines many common Unix utilities into a single executable.

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan

This mail goes mainly to Tom, as he sent some Laptop configurations files to the list. I checked the files you had sent to the list as answer to [Shorewall-users] Shorewall on a laptop Now - Is there a specific reason why you actually lock/blacklist the following ports ? - udp 1024:1033,1434 - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898 These should IMHO be blocked by

I remember to see something about that in shorewall.net some time ago, but I could not find it today ... The case : Debian Etch, Shorewall 3.2.6, squid3 and Apache 2 . The first 3 where already running fine for some time ... Now I need to setup an Apache server to allow some web mannagement, things like PHPsysinfo, phppgadmin, just for internal net, no web access . but port 80 is redirected to