similar to: Shorewall 4.2.10

Shorewall 4.3.11 is now available for testing. Much of what is in this release is below the surface. Many of the modules have been reorganized to provide for more readable code and to eliminate a lot of parameter passing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 11

Shorewall 4.3.7 is available for testing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 7 ---------------------------------------------------------------------------- 1) Klemens Rutz reported a problem that affects all Shorewall-perl 4.2 and 4.3 versions. The problem: a) Only occurs when

Beta 4 is now ready for testing. http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/ ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/ ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 Beta 4

Hello, shorewall6 seem to have problems duplicating the main routing table. shorewall6 tries to add the fe80::/64 route of every ipv6 configured interface to routing table 1. The first route applies but the other ones not. If i try to add the routes manually to routing table 1 i have to add the first fe80::/64 route and append not add the other ones. does not work: ip -6 route add table 1

Hi, I am wondering if it is possible to do the following with shorewall. I operate a network with some additional IP''s that are SNAT''d to various server machines on my network. One of my machines is a Terminal server. I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server. Can I

Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc). Kernel 2.4.29 tcdevices, tcrules, and tcclasses are clones of the wondershaper example (http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp. With TC_ENABLED=Internal in shorewall.conf: ---- Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... ERROR: device A seems not to be

Hi, I have servers where shorewall6 won''t reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NEW (for testing, I removed all the rules) I am testing from

Hey all, Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently? In fact shouldn''t there be a general s/shorewall-lite/shorewall6-lite/ in shorecap in shorewall6-lite? Maybe there is more of that lurking about as well. Also, the first line of the

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

I''d like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed ''install.sh -s'' in each directory. Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be

I''m trying to have a exec dependency on a service object that would keep it from being restarted if the exec fails. Unfortunately, the service gets refreshed regardless whenever the exec is run, failure or not. I''ve tried various combinations of subscribe/require/notify, but can''t find an elegant way to not restart the service when the dependency fails. I must be

Hello, I have set up 2 PXE servers, on Linux Debian Sarge and Etch, on which I use syslinux + ISC dhcp3 + tftp-hpa for booting. The older one, on Sarge, has been working fine for more than a year, great :-) The new one, on Etch, with the exact same config files, does not : the DHCP part seems to work, but at the end pxelinux seems to lose the server's IP address; this what I see on the

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

I looked online for documentation about this, but couldn''t find it. Is anybody else running a Teredo relay, on a firewall that has both Shorewall and Shorewall6 installed? I''m running IPv6 at home (thanks to a Hurricane Electric tunnel). I''m having trouble with external Teredo clients being able to ping my home IPv6 addresses. All of these clients can reliably ping

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the

In working through an IPv6/TPROXY issue I had, I believe I found a documentation bug: http://www.shorewall.net/manpages6/shorewall6-tcrules.html In the ACTION section, for part 12. SAME: The documentation lists: #ACTION SOURCE DEST PROTO DEST # PORT(S) SAME:P 192.168.1.0/24 0.0.0.0/0 tcp

I have tried to follow the HOWTO''s as best I could to add some traffic shaping to my existing shorewall firewall/router. What I am trying to achieve Top priority to all voip traffic, regardless of sip, iax2 etc. Higher priority for interactive traffic - ssh, http General queue for everything else, but A low priority queue for any ipp2p traffic What I have achieved..... Almost

Hi, I''m trying to configure QOS , but I''m don''t have success. My files: #/etc/shorewall/tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth0 256kbit 256kbit eth1 256kbit 256kbit eth2 256kbit 256kbit #/etc/shorewall/tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS eth1