similar to: Anyone near New York City interested in giving a talk on Shorewall?

Displaying 20 results from an estimated 3000 matches similar to: "Anyone near New York City interested in giving a talk on Shorewall?"

2012 Feb 11
6
"ERROR: Invalid action" for FTP
OS: Debian Lenny (kernel 2.6.26-2-686) Shorewall: 4.0.15 (installed from Debian repository) I have an FTP server behind a Debian system I am using as a firewall, and I want to use Shorewall on it (the Debian firewall). Following the instructions for configuring FTP (at <http://www.shorewall.net/FTP.html>), I have the following rule in my /etc/shorewall/rules file: FTP(DNAT) net
2012 Jun 05
2
Anti DDOS rules
Hi, How can I tell Shorewall to block any IP address if it generates x number of requests within x number of seconds? I want to filter SYN, ICMP and HTTP GET floods etc. Is it possible to have a minimum local-level deterrence against DDoS attacks at the firewall level?
2012 Jun 06
5
Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
Dear All, I tried to upgrade my old Shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS. After the upgrade I can't start Shorewall, with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I tried to search on the net about this, but still no light. Can somebody help me? I greatly appreciate any help. Regards,
2012 Jun 13
3
Default Route disappear
Hi, I have a default route to 192.168.1.1; as soon as I start Shorewall the default route disappears. What do I need to do to have it not disappear? Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255
2012 Jun 17
2
tcrules' SIP HELPER is not helping
Hello, Asterisk sits in a Vserver guest (192.168.3.9) on the firewall. I can't seem to get the sip helper to mark the SIP packets though. I have an ftp client on a different Vserver guest on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt"
2012 Sep 26
2
Error message starting Shorewall with TC simple enabled
Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error
2012 May 08
1
kernel: ip_tables: MARK target: only valid in mangle table, not filter
When Shorewall refreshes the config I get following in the log.. kernel: ip_tables: MARK target: only valid in mangle table, not filter logger: Shorewall refreshed Is that something I should worry about? Thanks P.S. shorewall version 4.5.0.2
2012 Aug 21
1
online manpage broken link.
Tom, There appears to be a broken link on the online manpage for shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html " *GEOIPDIR*=[/pathname/] Added in Shorewall 4.5.4. Specifies the pathname of the directory containing the /GeoIP Match/ database. See http://www.shorewall.net/ISOCODES.html. If not specified, the default value is
2012 May 04
1
shorewall and snmp managed hardware routers
any howto for this ? will shorewall-lite with ssh work if the hardware router have ssh login ? just imho ssh commands is not iptables at all :( even the router is linux kernels, any google hints ? -- Benny Pedersen
2012 Aug 28
1
psad Error
Just installed psad and am testing it. This morning I awoke to an email saying: [-] You may just need to add a default logging rule to the /sbin/ip6tables 'filter' 'INPUT' chain on hydra. For more information, see the file "FW_HELP" in the psad sources directory or visit: http://www.cipherdyne.org/psad/docs/fwconfig.html Well I have
2012 Jul 07
1
Web document correction
On http://www.shorewall.net/ISO-3661.html in the 'Introduction', shouldn't that be /etc/shorewall/rules instead of /etc/shorewall/tcrules ? Bill
2012 Feb 09
1
Re: How add two o more MAC Address in one
hi Tom I have use Shorewall version 3.4.8 what it would be for me in this rules? > As I can have more than two MAC addresses to apply a rule > in shorewall, I have the following to block port 443: > > > REJECT loc:~00-11-22-33-44-55 net tcp 443 > > > I try this > > > REJECT loc:~00-11-22-33-44-55,~AA-BB-CC-DD-EE-FF net tcp 443 That
2012 May 31
5
Shorewall + squid + multi isp
Hello all, I'm reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ? Thanks Fred
2012 Feb 24
7
how to compare shorewall config versus live iptables rules?
Greetings, I'm new to Shorewall but not to working with Iptables. Shorewall is the simplest firewall front end I have found thus far. I'm currently trying to build a Cfengine policy to maintain Shorewall configurations. My main problem at the moment is confirming that the running iptables rules match what Shorewall originally built. If I understand Shorewall correctly the
2012 Aug 20
2
DDoS
I know someone who for the past 4 days has been having the heck ddosed out of him. He runs a gaming server, and ran a report on the ddos; he has 8 pages of that and a few hours ago there were 16 pages. They're attacking his machine on random ports and he blocks UDP traffic on those ports, but they keep attacking on other ports. So far he's banned over 800,000 IP's.
2011 Jul 25
4
ipsets
I haven't debugged this enough to understand what is happening, but I observe the following: someipset = bitmap:ip,mac 1) br0:+someipset 2) br0:+someipset[2] The first 1) doesn't match anything in rules or tcrules, the second 2) matches fine. (Also using +someipset[1] doesn't match anything) Is it possible/sensible/feasible to have shorewall figure out the
2012 May 17
3
modules ?INCLUDE
I'm using Roberto's squeeze repository on an old lenny VM that I just updated from 4.5.2.something to 4.5.3. After the update I was seeing this during start/restart: Initializing... /usr/share/shorewall/modules: line 19: ?INCLUDE: command not found /usr/share/shorewall/modules: line 23: ?INCLUDE: command not found /usr/share/shorewall/modules: line 27: ?INCLUDE: command not
2012 Feb 29
2
shorewall-init missing critical file?
I am currently using Fedora 16 with the distribution provided shorewall-*-4.4.23.3-6.fc16 packages. shorewall-init seems to be missing a critical file. /lib/systemd/system/shorewall-init.service attempts to call /sbin/shorewall-init, but, /sbin/shorewall-init does not exist. I thought maybe it was a packaging error, so, downloaded the original source, (i.e., shorewall-init-4.4.23.3.tar.bz2), still
2012 Sep 05
2
DNAT issue
Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I'm not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net
2012 Jul 13
4
Multiple Wifi Profiles
This may not necessarily be the best place to ask this, but I've tried the Admin Guide, LinuxQuestions and Debian forums and no one knows. Running Debian Testing, and I need to set up two profiles for my wifi adapter, one for home and one for any open AP. I'm using the manual method of configuring, editing the /etc/wpa_supplicant/wpa_supplicant.conf and /etc/network/interfaces