similar to: Shorewall DNAT to IPSET

Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info. Shorewall executes some bash code like the following: while read address interface external haveroute; do qt $IP -4 neigh del proxy $address dev $external [ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del $address/32 dev $interface

I''m using Shorewall with a load-balanced muti-ISP config along with LSM for failover. It''s working great, except for DNS requests. I''d appreciate some advice on how to best configure this. The WAN connections are a T1 through XO and a cable connection through Comcast. About 80% of the traffic is routed out the Comcast connection under normal connections. I would

Hello, I would appreciate any feedback/suggestions on my Shorewall configuration for a standalone laptop Debian Squeeze configuration for ppp0 and wlan0, set out below: ------------------ My current system: ------------------ I have successfuly configured Shorewall 4.4.11.6 on my standalone Debian Squeeze laptop for a ppp0 (Mobile broadband) connection using GNOME PPP, works great (refer to

Hi, Just to pass the news [1],shorewall firewall package will be part of the next openSUSE release, meaning users would not need to set up an extra repository (of course they can always choose to follow the development repo). Thanks to all answering my questions Togan [1]<http://lizards.opensuse.org/2011/08/05/factory-progress-2011-08-05/>

Hi, Just to pass the news [1],shorewall firewall package will be part of the next openSUSE release, meaning users would not need to set up an extra repository (of course they can always choose to follow the development repo). Thanks to all answering my questions Togan [1]<http://lizards.opensuse.org/2011/08/05/factory-progress-2011-08-05/>

None of my systems can use lld2d to map the network when connected via wireless, but it works fine over the wireful network. the wireless is client -> hostapd -> ath5k -> bridge -> kernel with shorewall handling the bridge and kernel, as best I can explain it. on the bridge is also a wired device and a bunch of other PCs. the wired PCs can all map using lld2d just fine. lld2d

http://bugzilla.netfilter.org/show_bug.cgi?id=733 Summary: ipset restore won't restore from output of ipset save Product: ipset Version: unspecified Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: default AssignedTo: netfilter-buglog at

ipset on CentOS6 comes with /etc/rc.d/init.d/ipset so that "service ipset reload" can be used to (re)load the configuration. CentOS7 doesn't come with an equivalent for systemd: # systemctl reload ipset.service Failed to issue method call: Unit ipset.service failed to load: No such file or directory. # systemctl start ipset.service Failed to issue method call: Unit ipset.service

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:

Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in shorewall.conf, or via the patch:

Anybody on here successfully get ipset iptables sets to work _after_ a reboot? My question on StackExchange http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade Some of the things that need to be in place, otherwise iptables does not load: 1.) The kernel module ip_set needs to be loaded. 2.) The "sets" need to be

i created an ipset and added 8.8.8.8 to it and used the same iptables working all summer long but ?i can still ping 8.8.8.8 and do nslookup queries against it. ipset or iptables is broken. Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and actually tested that IP addresses that are supposed to be blacklisted are actually blocked? ? Filed CentOS bug report 7977

This is a recent R-devel. file.copy() is not vectorized if multiple destinations succeed: cat("foo1\n", file = "foo1") cat("foo2\n", file = "foo2") unlink(c("copy1", "copy2"), recursive = TRUE) file.copy(c("foo1", "foo2"), c("copy1", "copy2"), copy.date = TRUE) #> Error in

https://bugzilla.netfilter.org/show_bug.cgi?id=1726 Bug ID: 1726 Summary: invalid json generated by ipset list -output json Product: ipset Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: trivial Priority: P5 Component: default Assignee:

-------- Original Message -------- Subject: Re: [CentOS] ipset and blacklisting From: "Albert McCann" <mac358 at newsguy.com> Date: Wed, September 21, 2016 5:34 am To: "'CentOS mailing list'" <centos at centos.org> How are you saving and reloading the ipsets over a reboot? > -----Original Message----- > From: centos-bounces at centos.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1750 Bug ID: 1750 Summary: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format) Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal

I've just started experimenting with ipset under CentOS 6, and have found what appears to be a bug (or poor design) in the init scripts for ipset, /etc/rc.d/init.d/ipset In stop(), save() and status(), it does lsmod to check for the existence of the ip_set module. If the module is not found, it exits without performing any action. This doesn't take account of a kernel where the ip_set

https://bugzilla.netfilter.org/show_bug.cgi?id=1328 Bug ID: 1328 Summary: Please allow ipset add and del via the /proc/net/xt_ipset mechanism Product: ipset Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component:

http://bugzilla.netfilter.org/show_bug.cgi?id=709 Summary: Update docs / man page for latest ipset versions Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P3 Component: default AssignedTo: netfilter-buglog at lists.netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1719 Bug ID: 1719 Summary: ipset wrongly blocking undefined ranges and not blocking ranges that are defined Product: ipset Version: unspecified Hardware: All OS: RedHat Linux Status: NEW Severity: critical Priority: P5