Displaying 20 results from an estimated 1000 matches similar to: "Shorewall DNAT to IPSET"
2011 Aug 02
5
selinux issues
Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info.
Shorewall executes some bash code like the following:
while read address interface external haveroute; do
qt $IP -4 neigh del proxy $address dev $external
[ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del
$address/32 dev $interface
2011 Aug 03
6
Dual ISP config: How to forward DNS requests to the proper server?
I''m using Shorewall with a load-balanced muti-ISP config along with LSM for
failover. It''s working great, except for DNS requests. I''d appreciate some
advice on how to best configure this.
The WAN connections are a T1 through XO and a cable connection through
Comcast. About 80% of the traffic is routed out the Comcast connection
under normal connections. I would
2011 Aug 05
3
Configuration for ppp0 and wlan0 (Standalone laptop - Debian Squeeze)
Hello,
I would appreciate any feedback/suggestions on my Shorewall configuration for a standalone laptop Debian Squeeze configuration for ppp0 and wlan0, set out below:
------------------
My current system:
------------------
I have successfuly configured Shorewall 4.4.11.6 on my standalone Debian Squeeze laptop for a ppp0 (Mobile broadband) connection using GNOME PPP, works great (refer to
2011 Aug 05
1
shorewall will be in the next openSUSE release
Hi,
Just to pass the news [1],shorewall firewall package will be part of the
next openSUSE release, meaning users would not need to set up an extra
repository (of course they can always choose to follow the development
repo).
Thanks to all answering my questions
Togan
[1]<http://lizards.opensuse.org/2011/08/05/factory-progress-2011-08-05/>
2011 Aug 05
1
shorewall will be in the next openSUSE release
Hi,
Just to pass the news [1],shorewall firewall package will be part of the
next openSUSE release, meaning users would not need to set up an extra
repository (of course they can always choose to follow the development
repo).
Thanks to all answering my questions
Togan
[1]<http://lizards.opensuse.org/2011/08/05/factory-progress-2011-08-05/>
2009 Oct 05
1
Hostap Shorewall and lld2l
None of my systems can use lld2d to map the network when connected via
wireless, but it works fine over the wireful network. the wireless is
client -> hostapd -> ath5k -> bridge -> kernel with shorewall handling
the bridge and kernel, as best I can explain it. on the bridge is also
a wired device and a bunch of other PCs. the wired PCs can all map
using lld2d just fine.
lld2d
2011 Aug 02
3
[Bug 733] New: ipset restore won't restore from output of ipset save
http://bugzilla.netfilter.org/show_bug.cgi?id=733
Summary: ipset restore won't restore from output of ipset save
Product: ipset
Version: unspecified
Platform: All
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: default
AssignedTo: netfilter-buglog at
2015 Feb 17
3
Using "ipset" under CentOS7
ipset on CentOS6 comes with /etc/rc.d/init.d/ipset so that "service
ipset reload" can be used to (re)load the configuration. CentOS7
doesn't come with an equivalent for systemd:
# systemctl reload ipset.service
Failed to issue method call: Unit ipset.service failed to load: No
such file or directory.
# systemctl start ipset.service
Failed to issue method call: Unit ipset.service
2010 Mar 11
2
[Bug 640] New: ipset-4.2 : ipset -T <some_setlist> <address> always negative
http://bugzilla.netfilter.org/show_bug.cgi?id=640
Summary: ipset-4.2 : ipset -T <some_setlist> <address> always
negative
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: default
AssignedTo:
2013 Dec 17
1
shorewall add fails with IPSET=
Hi all
I have a CentOS6 box with shorewall-4.5.21.
If I have IPSET= in shorewall.conf and I issue the command "shorewall add
ppp:192.168.33.3 ptp", I get the error:
/usr/share/shorewall/lib.cli: line 585: [: too many arguments
ERROR: Zone ptp, interface ppp does not have a dynamic host list
The error is corrected setting the actual path to ipset in shorewall.conf,
or via the patch:
2014 Aug 10
3
ipset module loaded at startup on CentOS 6.5
Anybody on here successfully get ipset iptables sets to work _after_ a
reboot?
My question on StackExchange
http://unix.stackexchange.com/questions/149536/upon-bootup-all-iptables-are-lost-because-the-kernel-module-ip-set-is-not-loade
Some of the things that need to be in place, otherwise iptables does not
load:
1.) The kernel module ip_set needs to be loaded.
2.) The "sets" need to be
2014 Dec 08
2
ipset not actually blocking
i created an ipset and added 8.8.8.8 to it and used the same iptables
working all summer long but
?i can still ping 8.8.8.8 and do nslookup queries against it. ipset or
iptables is broken.
Anybody else rebooted since ipset-6.11-3.el6.i686 was installed and
actually tested that IP addresses that are supposed to be blacklisted are
actually blocked?
?
Filed CentOS bug report 7977
2018 Apr 05
1
potential file.copy() or documentation bug when copy.date = TRUE
This is a recent R-devel. file.copy() is not vectorized if multiple
destinations succeed:
cat("foo1\n", file = "foo1")
cat("foo2\n", file = "foo2")
unlink(c("copy1", "copy2"), recursive = TRUE)
file.copy(c("foo1", "foo2"), c("copy1", "copy2"), copy.date = TRUE)
#> Error in
2023 Dec 05
3
[Bug 1726] New: invalid json generated by ipset list -output json
https://bugzilla.netfilter.org/show_bug.cgi?id=1726
Bug ID: 1726
Summary: invalid json generated by ipset list -output json
Product: ipset
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: trivial
Priority: P5
Component: default
Assignee:
2016 Sep 21
1
ipset and blacklisting
-------- Original Message --------
Subject: Re: [CentOS] ipset and blacklisting
From: "Albert McCann" <mac358 at newsguy.com>
Date: Wed, September 21, 2016 5:34 am
To: "'CentOS mailing list'" <centos at centos.org>
How are you saving and reloading the ipsets over a reboot?
> -----Original Message-----
> From: centos-bounces at centos.org
2024 Apr 20
3
[Bug 1750] New: 'ipset save' does not save in format loadable by systemd (it saves in 'ipset list' format)
https://bugzilla.netfilter.org/show_bug.cgi?id=1750
Bug ID: 1750
Summary: 'ipset save' does not save in format loadable by
systemd (it saves in 'ipset list' format)
Product: ipset
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
2015 Sep 24
1
Bug in init scripts for ipset?
I've just started experimenting with ipset under CentOS 6, and have
found what appears to be a bug (or poor design) in the init scripts
for ipset, /etc/rc.d/init.d/ipset
In stop(), save() and status(), it does lsmod to check for the
existence of the ip_set module. If the module is not found, it
exits without performing any action.
This doesn't take account of a kernel where the ip_set
2019 Mar 25
3
[Bug 1328] New: Please allow ipset add and del via the /proc/net/xt_ipset mechanism
https://bugzilla.netfilter.org/show_bug.cgi?id=1328
Bug ID: 1328
Summary: Please allow ipset add and del via the
/proc/net/xt_ipset mechanism
Product: ipset
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2011 Mar 10
2
[Bug 709] New: Update docs / man page for latest ipset versions
http://bugzilla.netfilter.org/show_bug.cgi?id=709
Summary: Update docs / man page for latest ipset versions
Product: ipset
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P3
Component: default
AssignedTo: netfilter-buglog at lists.netfilter.org
2023 Oct 25
4
[Bug 1719] New: ipset wrongly blocking undefined ranges and not blocking ranges that are defined
https://bugzilla.netfilter.org/show_bug.cgi?id=1719
Bug ID: 1719
Summary: ipset wrongly blocking undefined ranges and not
blocking ranges that are defined
Product: ipset
Version: unspecified
Hardware: All
OS: RedHat Linux
Status: NEW
Severity: critical
Priority: P5