similar to: shorewall6-lite's shorecap sourcing /usr/share/shorewall-lite/lib.base?

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the

I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security

I looked online for documentation about this, but couldn''t find it. Is anybody else running a Teredo relay, on a firewall that has both Shorewall and Shorewall6 installed? I''m running IPv6 at home (thanks to a Hurricane Electric tunnel). I''m having trouble with external Teredo clients being able to ping my home IPv6 addresses. All of these clients can reliably ping

Hi, I have servers where shorewall6 won''t reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NEW (for testing, I removed all the rules) I am testing from

I''d like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed ''install.sh -s'' in each directory. Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the line into 2 separate lines: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

I wonder if anyone is running IPv6 under Centos-5.2? Particularly with shorewall? I see that shorewall6 is specifically designed for updating shorewall to IPv6, as described in <http://www.shorewall.net/IPv6Support.html>. Unfortunately, this explicity requires kernel 2.6.25 or later, and iptables 1.4.0 or later, both of which are later than any versions I've seen on a Centos

Shorewall 4.5.20 is now available for download. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) On some distributions, the shorewall-lite and shorewall6-lite uninstallers could fail with a syntax error. 2) A

I''m attaching a few changes that are specific to Arch Linux and are motivated by our recent switch to systemd. System V init scripts are no longer used/supported on Arch Linux and, therefore, the Arch Linux init scripts can be removed from Shorewall. The two patches that follow are based against master; if it''s possible to apply them to the upcoming Shorewall 4.5.13 as well,

Hello, shorewall6 seem to have problems duplicating the main routing table. shorewall6 tries to add the fe80::/64 route of every ipv6 configured interface to routing table 1. The first route applies but the other ones not. If i try to add the routes manually to routing table 1 i have to add the first fe80::/64 route and append not add the other ones. does not work: ip -6 route add table 1

Hey, I have a setup that has one machine communicating to a server using UDP over IPv6. For specifics, it is using collectd with a boosted MaxPacketSize in the network config. What this means is there is some IP fragmentation happening, and that is getting REJECTed. My policy is to REJECT, and I have an ALLOW for the particular communication I want. What I''m getting in my logs is

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

I''m converting my network from a "one interface per segment" to a "single connection with vlans", well, some hardware I have requires using different vlan IDs. suffice it to say I need bridges to connect a few different vlans that should all be one but can''t be because of firmware constraints. so my first step is to get shorewall to know about bridges.

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the