similar to: Shorewall 4.4.19.4

Hello, From a user perspective, the simple (tcpri) and complex TC configs offers two rather distinct choices. A user can very well be OK with only using the simple way and that''s very fine. Then again, even in doing so, the more complex config options are available. What is the interplay between the two as far as having some parameters configured in both at the same time ? So far

Hi, Attached is patch for correcting zones in Samples6 for iv6 Thanks Togan ------------------------------------------------------------------------------ Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters.

I am wanting to verify that I am properly using the MASQ for a series of hosts. I have 2 providers, and my providers file has the contents: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY l3 1 100 main eth0.100 1.18.139.1 track,loose,fallback eth1 ws 2 200 main eth0.101 1.155.136.193

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

Hi, Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

Shorewall 4.5.5.2 is now available for download. Problems Corrected: 1) Previously, when ipp2p was used in the /etc/shorewall/tcpri file, the generated code for saving the packet mark was clearing the connection marks fields not having to do with traffic shaping. It now only alters the traffic-shaping part of the connection mark. 2) Shorewall 4.4.11 allowed UID and GID ranges

Shorewall 4.3.11 is now available for testing. Much of what is in this release is below the surface. Many of the modules have been reorganized to provide for more readable code and to eliminate a lot of parameter passing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 11

I have two boxes for the purpose of testing traffic control and my knowledge thereof (which is at the inkling stage). The boxes are connected by 100Mbit ethernet cards via a switch. For egress traffic via eth0 I achieve a throughput that is close to the specified CEILing, particularly for values above 1mbit. Ingress traffic does not seem so well behaved. Above about 1mbit rates achieved are

Hi there, we are using a couple of Diskless Linux Workstations in conjunction with PXE capabable Network cards to boot the system. This works fine using pxelinux. However, there are a few workstations left, which are not able to boot via PXE and thus this workstations need a Kernel on a floppy disk and an additional initrd image. The Problem with is, that both of them don't fit on a floppy

https://bugzilla.netfilter.org/show_bug.cgi?id=1650 --- Comment #5 from Wang Jian <larkwang at gmail.com> --- > > This internal:0:0-0 is incorrect error reporting. > > Could you run nftables with git HEAD? It contains this fix: > > commit 5e39a34b196d68b803911aa13066fef2f83dc98c > Author: Pablo Neira Ayuso <pablo at netfilter.org> > Date: Mon Mar 27 16:36:31

Will someone please write a program that can be used to assist with u32 matches? What I envision is something like ipchains'' "--check" option, which tests a packet against the selected chain. tcfilter should check against the loaded filters. It would be REALLY nice if: 1) counters (showing the number of hits (in packets)) could be included. 2) a debug mode showing what the

I''m using shorewall with openvpn and traffic shaping at all of our offices. I have noticed for a while that occasionally ping times are excessive. Usually this is during overnight off site backups but some times during the day. I have assumed the is was an ISP issue but now I''m suspecting it''s problem with openvpn and traffic shaping. In the test case have 2 sites

Hi all, I have a dataset with one column like below: ID 1001 1001 1001 1122 1122 1122 1421 1421 1789 1789 .. These numbers are no in sequence and they have different repeats. How could replace them with sequenced numbers? Such as follows replacing the ID column with the SID column. ID SID 1001 1001 1001 1001 1001 1001 1122 1002 1122 1002 1122 1002 1421 1003 1421 1003 1789 1004 1789 1004

On Mon, Apr 7, 2014 at 12:09 PM, Joerg Sonnenberger <joerg at britannica.bec.de > wrote: > On Mon, Apr 07, 2014 at 08:38:58AM -0600, Richard wrote: > > Oops, meant to send this to the mailing list instead of to Reid > > privately. (Why cc the mailing list instead of just sending to the > > mailing list?) > > > > In article <CACs= >

John, I''m taking the liberty of copying the Shorwall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >

https://bugzilla.netfilter.org/show_bug.cgi?id=1302 Bug ID: 1302 Summary: iptables v1.8.0 (nf_tables) has a problem inverting in-interface and maybe out Product: iptables Version: CVS (please indicate timestamp) Hardware: x86_64 OS: All Status: NEW Severity: major Priority:

https://bugzilla.netfilter.org/show_bug.cgi?id=1402 Bug ID: 1402 Summary: Race errors with nft Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1188 Bug ID: 1188 Summary: nft fails to parse own output; unable to save-restore active state Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft