similar to: Using NFLOG in shorewall6

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

https://bugzilla.netfilter.org/show_bug.cgi?id=921 Summary: log, ulog and nflog: command-line parameters are not supported Product: nftables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at

Hey all, Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently? In fact shouldn''t there be a general s/shorewall-lite/shorewall6-lite/ in shorecap in shorewall6-lite? Maybe there is more of that lurking about as well. Also, the first line of the

I''ve opened up development of Shorewall 4.1. While I had previously announced that Shorewall 4.1 would focus on IPv6, I have since learned that the netfilter team are developing ''xtables'', a unified IP0v4/IPv6 utility. It seems silly to spend the effort to add Shorewall support for IPv6 only to then have to turn around and convert it to use xtables. So I''ve

I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security

I looked online for documentation about this, but couldn''t find it. Is anybody else running a Teredo relay, on a firewall that has both Shorewall and Shorewall6 installed? I''m running IPv6 at home (thanks to a Hurricane Electric tunnel). I''m having trouble with external Teredo clients being able to ping my home IPv6 addresses. All of these clients can reliably ping

http://bugzilla.netfilter.org/show_bug.cgi?id=652 Mariusz Kielpinski <kielpi at poczta.onet.pl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kielpi at poczta.onet.pl Status|ASSIGNED |NEW --- Comment #3 from

http://bugzilla.netfilter.org/show_bug.cgi?id=723 Summary: extensions/libxt_NFLOG.man definines invalid range for - -nflog-group Product: iptables Version: CVS (please indicate timestamp) Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: iptables

https://bugzilla.netfilter.org/show_bug.cgi?id=871 Summary: Running two instances of ulog causes abort in libnfnetlink Product: ulogd Version: SVN (please provide timestamp) Platform: All OS/Version: All Status: NEW Severity: critical Priority: P5 Component: ulogd AssignedTo:

Hi, I have servers where shorewall6 won''t reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NEW (for testing, I removed all the rules) I am testing from

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

https://bugzilla.netfilter.org/show_bug.cgi?id=977 Netbug <b1b30ee4 at opayq.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #27 from Netbug <b1b30ee4 at opayq.com>

I''d like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed ''install.sh -s'' in each directory. Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be

https://bugzilla.netfilter.org/show_bug.cgi?id=986 Bug ID: 986 Summary: ulogd fails to build against linux headers >= 3.17.0 due to ULOG target removal Product: ulogd Version: SVN (please provide timestamp) Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority:

Hi all, I am looking for an easy shorewall log analyzer, nothing too fancy, just the most blocked traffic on a firewall by IP and port, preferably in daily reports or so. Which tool are you using? Thanks in adv, Erwin ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the line into 2 separate lines: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E