Displaying 20 results from an estimated 5000 matches similar to: "ERROR: Duplicate Host Group"
2010 Dec 02
4
rules with multiple users/groups
Hi All,
I'm using shorewall 4.0.15-1 on debian 5.0.5 and it works fine.
I want to start using rules based on users. This is supported in the
shorewall-rules file. However, it seems that each rule can only be
associated with one user or group.
Does this mean that I cannot have a rule apply to several users which
belong to several groups?
Will creating duplicate rules for each user
2010 Nov 25
13
VLAN martians
I'm playing around with VLANs and I have a VLAN capable (layer 2) smart
switch. I see a steady stream of martians in the logfile if I have the
routefilter option set on the loc zone interfaces in
/etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1
and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch.
Is this the expected behavior in
2010 Oct 21
10
KVM and bridge
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM
virtual servers on the default libvirt virbr0 bridge at the default
vnet+ bridge ports. The bridge and ports are on a separate private
subnet (192.168.122.0/24). Each bridge port and the bridge itself are
in the dmz, there are two physical interfaces and private local
subnets in loc, and
2010 Nov 25
0
Shorewall in OpenSuSE repositories
Togan Muftuoglu has just informed me that Shorewall is now available in
the following repositories:
<http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.2>
<http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.3>
<http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory>
Thanks Togan!!
-Tom
--
Tom Eastep
2011 Jun 08
1
tcrules: src/dest ports and proto error
Hello,
It seems that the following restriction is not shown in the online man page
for tcrules:
ERROR: SOURCE/DEST PORT(S) not allowed with PROTO all :
/tmp/shorewall/tcrules (line 2)
Please let me know if this is expressed otherwise in the
documentation.
Thanks.
2010 Jul 28
4
Re: Shorewall-users Digest, Vol 50, Issue 25
On 28/07/2010 15:45, shorewall-users-request@lists.sourceforge.net wrote:
> On 7/28/10 1:50 AM, Andrea Perdicchia wrote:
>
>> > Hi all,
>> > Is possible log mac address in shorewall?
>> > I try all configuration "debug,info..." in /etc/shorewall/shorewall.conf
>> > but in /var/log/messages the log show only few information and not mac
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
hello
before asking my question I come
My name is Santiago and I'm from Spain but I'm in Colombia
I followed this guide:
https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html
but when I run shorewall check, this error occurs:
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
ERROR: Invalid
2010 Feb 12
5
rate limiting
Hi,
I am using squid as a transparent proxy. I have added these 3 lines to my rules file
ACCEPT $FW net tcp www
ACCEPT loc $FW tcp 8080
REDIRECT loc 8080 tcp www - !192.168.100.2
I want to limit the number of connections that are made from every PC on the network to the proxy server. If I change the 2nd rule to
ACCEPT loc $FW tcp 8080
2010 Nov 08
15
Can I use Shorewall stuff for my problem
Hi all, I'm new to Shorewall, can anyone guide me whether I can use
Shorewall for my work.
I have a requirement in our work:
Each system shall have two Ethernet card interfaces (system means hardware
devices, servers, clients in other words any device or host used in the
project). The IP address of each interface will be of different networks,
subnets and gateways completely. Because if one of
2010 Jan 21
6
Shorewall 4.4.6 and Multiple ISP with 2 routed subnets
Hello,
I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall I have 2 network segments (lan1 and lan2) with public IP addresses. The segments are completely isolated from each other: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect
2009 Dec 14
2
Manual Chains Knock.pm DNAT-
I am attempting to use the Knock.pm from
http://www.shorewall.net/ManualChains.html
I am not having much luck making the DNAT- knock work for some reason.
Anyone else using this on 4.4.4 that can verify if this still works as
documented?
Thanks
2009 Jul 03
5
Return to sender
Hi everyone!
I need to create a rule that return back the packages sender.
For example, if the IP 200.xxx.xxx.xxx tries to connect to my firewall
in one specific port, the rules turns back the connection to
200.xxx.xxx.xxx.
With this rule the Engineers Department will test some equipments with
GSM chips.
One point to observe is that we don't know which IP will connect to
this rules.
2010 Sep 07
3
Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
Hi,
I have recently installed shorewall with a very simple rules configuration,
----------------------------------
#SECTION RELATED
SECTION NEW
Ping/ACCEPT all $FW
Trcrt/ACCEPT all $FW
SSH/ACCEPT all $FW
ACCEPT net $FW tcp http
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-----------------------------------------
and I have no
2012 Apr 09
6
new install CentOS 6.2 and 4.5.1-2 run error.
Hi List,
I have a new install of CentOS 6.2 and shorewall 4.5.1-2. I usually
have no issues
with shorewall until now.
When I execute < #shorewall start > I get the following error.
root@poweredge > /etc/shorewall# shorewall start
Compiling...
Can't locate Shorewall/Compiler.pm in @INC (@INC contains:
/usr/share/shorewall /usr/local/lib/perl5 /usr/local/share/perl5
2009 Jul 03
5
rules and nat
Hi,
I just add these file rules:
DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
DNAT net loc:192.168.8.37 tcp - - 202.158.70.38
And these on file nat:
202.158.70.38 eth0 192.168.8.35 no no
202.158.70.38 eth0 192.168.8.36 no no
202.158.70.38 eth0 192.168.8.37 no no
I try to connect to the internet and check the IP and all hosts returns
2012 Apr 07
27
Shorewall 4.5.2 RC 2
RC 2 is ready for testing.
Problems corrected:
1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the
wrong SysV init script on Debian and derivatives. That has been
corrected.
2) The getparams program now reads the installed shorewallrc file
rather than ~/.shorewallrc.
3) The 'load' and 'reload' now copy the
2013 Jun 20
2
Trap and Log With Shorewall
There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there any way to do so with shorewall? Thanks.
Willy Mularto
sangprabv@gmail.com
2009 Dec 17
4
Shorewall time element rules never works ?
Hi all,
I try to use shorewall rules with time element but it never works, the
rules look like this
HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri
These rules are to block https access to facebook site at working hours & day
My system is Debian lenny, shorewall 4.4.4.2 kernel
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined traffic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined traffic from GW is routed via COMB_IF by default
* non-RFC 1918