similar to: Test

Hi, I am using shorewall accounting feature to measure voice and data traffic passing through my firewall. Now I want to integrate this to Cacti graphs that I use. However, the command output of "shorewall show accounting" shows the bytes and packets counts in K , M and G How can I get the actual bytes from accounting output ? Thanks.

Hello: I just started using Shorewall this morning and must say that I''m very impressed. Much nicer than what I was using previously. I love the ability to type ''shorewall logdrop ww.xx.yy.zz'' and completely block a particular IP address. However, the log part doesn''t happen. When I look in the logdrop chain, there is no LOG prefix. I''ve looked

All of a sudden tonight my web browsing and ssh performance is terrible. I''m on a cable connection and I''m wondering if it could be due to evening bandwidth contention or ISP throttling. If so, I suppose tcdevices numbers are out the window. Can anything be done? - Grant ------------------------------------------------------------------------------ This SF.net email is

I am using shorewall-4.2.5-1 on RHEL-5.2 for a MultiISP connection. Everything works great. I run vpn, proxy, mail relay on the firewall. Hence I do the application level management. So far I was using third party script "gwping" for my failover mechanism. Just wondering if shorewall has any native programs to handle fail over ? Thank you Chakri

------------------------------------------------------------------------ Shoreline Firewall http://www.shorewall.net/ January 9, 2009 press@shorewall.net ------------------------------------------------------------------------ Subject: Public unveiling of logo design competition submissions The Shorewall developers are pleased to

------------------------------------------------------------------------ Shoreline Firewall http://www.shorewall.net/ January 9, 2009 press@shorewall.net ------------------------------------------------------------------------ Subject: Public unveiling of logo design competition submissions The Shorewall developers are pleased to

I would lilke to shape upload ftp bandwidth in a dual ISP setup [shorewall show connections] tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1 [tcdevices] #INTERFACE IN-BANDWITH OUT-BANDWIDTH $EIF 970kbit 245kbit $LIF 970kbit 245kbit

Hi all, Is there a way to prohibit users of creating subfolder(s) under a Public Namespace ??? Here is my conf #------------------------------------------------------------------------------------------ log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_ca_file: /etc/postfix/sasl/cacert.pem ssl_cert_file: /etc/postfix/sasl/cert.pem ssl_key_file: /etc/postfix/sasl/key.pem login_dir:

Hi, it seems not to be possible to add more than one host at once to a zone. So shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface. --snip -- iptables v1.2.9: interface name `eth0:192.168.2.10,eth0'' must be shorter than IFNAMSIZ (15) Try `iptables -h'' or ''iptables

OK.. So I synced the clock.... and got .... dovecot: Time just moved backwards by 1 seconds. I'll sleep now until we're back in present. http://wiki.dovecot.org/TimeMovedBackwards ( The first time I did this the clock moved backwards 2 hours after a timezone change and dovecot suicided ) I think I understand the concept ... However a mail server should probably be synchronized to the

Hi, as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html ), it says "Use of this feature requires that your kernel and iptables include CONNMARK target and connmark match support (Warning: Standard Debian™ and Ubuntu™ kernels are lacking that support!)." it means MultiISP wont work properly if i am using Ubuntu server. if yes whats the

For those of you running SuSE 9.1, I do not recommend upgrading to 9.2 at this time. Refer to http://shorewall.net/myfiles.htm for information on my configuration: a) On Ursa: 1) After the upgrade, both of the NICs were recognized as "configured" in YAST yet neither of them would start; ifup claimed that no configuration could be found for either interface. Only got them running

I think it would be nice to be able to rate limit an action, too.. suppose I have an action named Accept_good_source : ACCEPT - - tcp - 1024:65535 ACCEPT - - udp - 1024:65535 and that i want to use it in an action called AllowCVS, i can''t limit the cvs usage, but only the general use of Accept_good_source... same goes for userset... as each rule will give one iptables command, I

Dovecot Version 1.2.11 Created Public Namespaces and folders idx and control are created in each users Maildir/ aka namespace public { prefix=Public/ separator = / location = maildir:/home/Public-Folders-Mail/Public-RO:INDEX=~/Maildir/p1-idx:CONTROL=~/Maildir/p1-ctrl hidden = no subscriptions = no inbox = no } The problem occurs after a user has subscribed to The

Hi all, We are trying to upgrade to iptables 1.4.1+ however the ipp2p module now it is included in the xtables-addons modules. In the xtables-addons modules the commad line for ipp2p is changed and the -m ipp2p --ipp2p option is not supported anymore .... instead the maintainer requires that we use -m ipp2p --bit ... -m ipp2p --kaza for each different P2P protocol. as a result shorewall does

Group, I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source. Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.

Hi I am looking at converting a Linux terminal server box to iptables using Shorewall 2.0. (At the moment it uses ipchains). The server currently has scripts which are called as each user logs in which run a series of "ipchains" commands to set the access rights for that user (and again to cancel them when the user logs out). My plan is to replace these scripts with ones that call

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Over the past weekend, I added SPF screening on the MTA at shorewall.net. SPF is a mechanism for a domain to use DNS to publish a list of those IP addresses that are used to send legitimate email from that domain. A receiving MTA can use that published information to determine if email from a domain is being sent through an MTA belonging to that

>From a diff of my current shorewall firewall script with the new one from the CVS today : $ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall [...] 673c910 < for network in $networks; do --- > for networks in $networks; do I don''t think that "for networks in $networks" works well. -- -IAN! Ian! D. Allen Ottawa, Ontario,