similar to: Blocked host getting through

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Hi all, please, tell me about security of Darkstat. Is it good idea to install it on firewall/gateway ? I'd like to measure our company traffic, but I do not have Apache running on the gateway. How could I redirect Darkstat's output to web-server inside company ? Or is there some other tool, which can measure in/out traffic and send output to another machine ? I know MRTG, but it uses

hello list shorewall I encounter serious problems with this Multi-port Match: Available . my custom kernels do not provide this option that prevents me from compiling shorewall 6 plesase correct this maybe a bug fix --  http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7  gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://urlshort.eu fakessh @

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Hi, I have a shorewall v4.0.7 installation on an older version of fedora. What is the proper way to add another network to the DMZ interface? Is it through virtual networks? If so, how is that done, given I''ve already designed the system around a single network on the DMZ? I have two physical interfaces on the firewall, with eth0 for external (192.168.1.0) and eth1 for the DMZ

I am rebasing Fedora rawhide oprofile package to oprofile-0.9.7. The xenoprof patches on http://xenoprof.sourceforge.net/#download look a bit dated. The newest version is for oprofile-0.9.5. I massaged the patch oprofile-0.9.5-xen.patch to apply to oprofile-.0.9.7. Attached is that updated patch. Does this look reasonable? Is there a desire to get this into upstream oprofile? Or should the

hi all :) anyone knows some Real time traffic grapher application ? faster than mrtg , im not looking for web based ones ... -- You will soon forget this.

Hi, I am building a firewall that will have two groups of subnets behind it which I''ll provision via vlans. The upstream provider will be supplying a router with a single interface with two subnets routed into it, one is a private connection to the corporate WAN and the other is a public (Internet) block. One group of subnets behind the firewall will be SNAT''d out through a

Hi, I''m a relative newbie to LARTC but I have read Matthew Marsh''s book and lurked on this list for a while.... I still seem to be missing a few key ideas here.... So... Maybe folks on the list will be kind enough to help. I have two different ISPs. Cogent and Bell. I have three different firewalls (2 PIX and 1 IPCop). And I have an Ubuntu Linux box doing LARTC for around

Good morning, We''ve been testing PE and beginning developing modules for our infrastructure. One of the modules I''m looking to create is an installation for Splunk, with the primary focus at this time, on the Forwarder. I already have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package being fetched from the Master and also performing the installation via dpkg. I

Hello, I've used oggenc with these options before: $ oggenc -q3.0 -m 96 -M 225 somemusic.wav But it's now encoding everything at 1.0kbps. The compression is *awesome* but the found quality is somewhat lacking. Has something changed recently, or am on crack (again)? Cheers, Geoff Ps. I put the above example in the ifp-driver mailing list FAQ.. but now I don't look so smart..

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and

Dear shorewall list enthusiasts, I recently set up a dedicated linux box running shorewall in order to isolate my network from the "evil other side" :) It works so well that I first have to thank and congratulate everybody that took part in this project ! Then, I have a question, that separates my setup from "wonderful" to "heaven" : I activated the

Hi, I am one of the developers of the FreeWRT project and I want to give you some feedback. Shorewall runs quite fine on our supported devices, but we need to patch Shorewall to get it running as expected. The problem is the ip command and busybox 1.4.2. Some words about busybox: BusyBox is a multi-call binary that combines many common Unix utilities into a single executable.

Hi Shorewall Users :) I have found shorewall firewall and seems to be interesting. I need to setup a configuration my my network users because i only have 50gb of traffic per month. I want to know if the shorewall can make a 48gb per month limit, but everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count. Can shorewall do that ? -- Sem Mais Rui Oliveira 351 - Portugal

Hi. What system or software are you using to show the iptables log files (for example the dropped packages tagged as LOG in the Shorewall rules)? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files

hello Tom >Another very likely cause is that Shorewall-shell is generating a pkttype >test to identify multicast packets. This can be unreliable and can be >avoided by setting PKTTYPE=No in shorewall.conf. After using PKTTYPE=No in shorewall.conf , my syslog is clean now. Do you mean that adding the following line in /etc/shorewall/interfaces is suffiscient? dmz eth1

I set up a firewall following: http://www.shorewall.net/MultiISP.html Using shorewall 4.0.5 and a 2.6.22 kernel Attached a dump from shorewall. It''s setup for testing. I have an internal host set to it as the default route. The ipsec.conf file is renamed to keep it from messing up the vpns. Most things are working OK. I''m a bit concerned that all the outgoing nat traffic is