Displaying 20 results from an estimated 2000 matches similar to: "Problem with iprange in shorewall 4.0.2"
2008 Dec 31
5
Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2
Hi,
enabling this line in hosts file
"WAN
eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
routeback,blacklist,tcpflags"
results in this error message
--
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
iptables-restore v1.3.8: error creating chain ''ACCEPT'':File exists
Error occurred at line: 29
Try
2010 Mar 09
2
[Bug 639] New: iptables iprange
http://bugzilla.netfilter.org/show_bug.cgi?id=639
Summary: iptables iprange
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: blocker
Priority: P1
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: paulo.santos at
2004 Aug 12
5
shorewall iprange problem
Perhaps someone can help me understand why this is happening. I''m
trying to write a script using ''shorewall iprange'' to parse some ip
ranges into subnets so that i can place them into the blocklist. I keep
getting an error when i run the script though.
Here is the script:
#!/bin/csh
foreach i (`cat ipranges`)
shorewall iprange $i >>
2008 Dec 25
2
Problems with exclusion in host definition - shorewall 4.2.3 latest
Hi,
usually my shorewall inst. uses compiler=perl.
While some tests I changed my config to compiler=shell, and in this case
I get an error like this:
--------------------------------------------------------
Setting up TCP Flags checking...
iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0'' not found
Try `iptables -h'' or ''iptables --help'' for more
2011 Mar 18
6
[Bug 711] New: iptables -m iprange causes unknown error
http://bugzilla.netfilter.org/show_bug.cgi?id=711
Summary: iptables -m iprange causes unknown error
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at
2011 Aug 29
2
[Bug 742] New: ip6tables "-m iprange" ipv6 range detection
http://bugzilla.netfilter.org/show_bug.cgi?id=742
Summary: ip6tables "-m iprange" ipv6 range detection
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: SuSE Linux
Status: NEW
Severity: critical
Priority: P5
Component: ip6_tables (kernel)
AssignedTo:
2005 Jan 11
0
shorewall iprange tweak
I often find myself doing,
whois some.damned.ip.address
and then copying and pasting the address range for
the miscreant in question, and doing,
shorewall iprange x.x.x.x-y.y.y.y
with the aim to drop the entire range.
My one minor complaint is that I often have to edit out
the spaces between the hyphen when copying and pasting
the address range returned by whois. I tweaked the shorewall
2005 Oct 11
0
iptables iprange match
Hello list!:
Well, I was able to install xen 2.0.7 using a 2.4.30 kernel in a domU.
The domU have installed gcc3.4 .. after
yum -y install compat-gcc*
and put CC=gcc33 in all make commands and other changes as here:
http://lists.xensource.com/archives/html/xen-users/2005-08/msg00258.html
I''m trying to use the iprange match, but every time when I want apply a
rule I receives:
2014 May 07
1
[Bug 922] New: iprange: --ports is not suppported
https://bugzilla.netfilter.org/show_bug.cgi?id=922
Summary: iprange: --ports is not suppported
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: anarey
2007 Aug 21
10
Bug in Multi-ISP support
In helping a user on IRC today, I was dismayed to find that a bug that
was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I
found that the bug is present as far back as 3.2.6 (I didn''t look back
further since 3.2.6 was the release where the user (re-) discovered the
bug.
If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are
behaving as if TC_EXPERT=Yes was
2007 Aug 21
10
Bug in Multi-ISP support
In helping a user on IRC today, I was dismayed to find that a bug that
was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I
found that the bug is present as far back as 3.2.6 (I didn''t look back
further since 3.2.6 was the release where the user (re-) discovered the
bug.
If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are
behaving as if TC_EXPERT=Yes was
2013 Jan 08
4
Splunk Module Development Recommendations
Good morning,
We''ve been testing PE and beginning developing modules for our
infrastructure. One of the modules I''m looking to create is an installation
for Splunk, with the primary focus at this time, on the Forwarder. I
already have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package
being fetched from the Master and also performing the installation via
dpkg. I
2007 Aug 24
3
traffic shaping stranges
Hello list,
I discover strange behaviour of shaping traffic that i setup from
Shorewall-4.0.2.
I know that this is not Shorewall problem but may be somebody from list
can help me
or explain this situation.
I have follow interfaces in 'tcdevices' files:
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
#
$EXT_IF 500kbit 248kbit
$INT1_IF 500mbit
2007 Aug 06
3
how do I use shorewall to protect server from ARP spoofing attack ?
My firewall is using shorewall 3.0.x and CentOS
Recently, I found that firewall is attaching from ARP spoofing..
There are a lot of "out of socket memory" in messages log
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and
2007 Aug 23
4
Monthly traffic limit
Hi Shorewall Users :)
I have found shorewall firewall and seems to be interesting.
I need to setup a configuration my my network users because i only have 50gb
of traffic per month.
I want to know if the shorewall can make a 48gb per month limit, but
everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count.
Can shorewall do that ?
--
Sem Mais
Rui Oliveira
351 - Portugal
2007 Oct 11
5
Web log viewer
Hi.
What system or software are you using to show the iptables log files
(for example the dropped packages tagged as LOG in the Shorewall
rules)?
Thank you very much!
Bye.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files
2007 Jul 22
4
[Patch] Support embedded systems better
Hi,
I am one of the developers of the FreeWRT project and I want to give
you some feedback. Shorewall runs quite fine on our supported devices,
but we need to patch Shorewall to get it
running as expected. The problem is the ip command and busybox 1.4.2.
Some words about busybox:
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable.
2007 Aug 20
6
have to restart shorewall after a dynamic IP change
Hi,
I''ve to restart shorewall when my dynamic IP was changed from my ISP.
Of course i can with a shell script do it automatically, but the
question is still there.. why ?
mess-mate
--
"I understand this is your first dead client," Sabian was saying. The
absurdity of the statement made me want to laugh but they don''t call me
Deadpan
2007 Nov 07
3
Blacklist questions ...
This mail goes mainly to Tom, as he sent some Laptop configurations files
to the list.
I checked the files you had sent to the list as answer to
[Shorewall-users] Shorewall on a laptop
Now - Is there a specific reason why you actually lock/blacklist the
following ports ?
- udp 1024:1033,1434
- tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
These should IMHO be blocked by
2007 Nov 09
3
Shorewall + Squid transparent + Apache
I remember to see something about that in shorewall.net some time ago,
but I could not find it today ...
The case :
Debian Etch, Shorewall 3.2.6, squid3 and Apache 2 .
The first 3 where already running fine for some time ...
Now I need to setup an Apache server to allow some web mannagement,
things like PHPsysinfo, phppgadmin, just for internal net, no web access .
but port 80 is redirected to