Displaying 20 results from an estimated 700 matches similar to: "Re: How add two o more MAC Address in one"
2012 Mar 14
7
Block port 443 (https) to Facebook.com
Hi, in shorewall version 3.4.8 used this rule to block access to Facebook
through port 443 (https):
/shorewall/rules:
REJECT loc net:69.171.224.12,69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443
What I did was block the public IP network segment to fit through https.
Now I use this same rule in version 4.4 and I works already.
Has anything changed in this
2012 Feb 11
6
"ERROR: Invalid action" for FTP
OS: Debian Lenny (kernel 2.6.26-2-686)
Shorewall: 4.0.15 (installed from Debian repository)
I have an FTP server behind Debian system I am using for a firewall and I am wanting to use Shorewall on it (the Debian firewall). Following the instructions for configuring FTP (at <http://www.shorewall.net/FTP.html>), I have the following rule in my /etc/shorewall/rules file:
FTP(DNAT) net
2012 Feb 24
7
how to compare shorewall config versus live iptables rules?
Greetings,
I'm new to Shorewall but not to working with Iptables. Shorewall is the
simplest firewall front end I have found thus far. I'm currently trying
to build a Cfengine policy to maintain Shorewall configurations. My
main problem at the moment is confirming that the running iptables
rules match what Shorewall originally built.
If I understand Shorewall correctly the
2012 Feb 26
6
Continuous pings going through a full DROP policy
For a same configuration in which the default policy is drop and only
one connection is accepted in rules, continuous pinging to devices
will stop squarely in 4.0.15 as soon as a very basic firewall is
enabled whereas in 4.4.26.1, pinging will still continue after the
firewall is enabled.
All tests are done with proper reboot of the unit3 where the firewall
is applied:
unit1 <---> eth4
2012 Feb 29
2
shorewall-init missing critical file?
I am currently using Fedora 16 with the distribution provided
shorewall-*-4.4.23.3-6.fc16 packages. shorewall-init seems to be missing
a critical file. /lib/systemd/system/shorewall-init.service attempts to
call /sbin/shorewall-init, but, /sbin/shorewall-init does not exist. I
thought maybe it was a packaging error, so, downloaded the original
source, (i.e., shorewall-init-4.4.23.3.tar.bz2), still
2011 Jul 22
32
Shorewall 4.4.22 Beta 3
Beta 3 is now available for testing.
Corrections in this release:
1) Corrections included in Shorewall 4.4.21.1.
2) Several problems reported by Steven Springl.
The rest is largely cleanup of the new rule infrastructure.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \
2012 Mar 07
2
RTNETLINK answers: File exists when adding providers
When I attempt to start shorewall (version 4.0.15) I get an RTNETLINK error
(see below).
/var/log/shorewall-init.log
[...]
21:02:18 Creating Interface Chains...
21:02:19 Adding Providers...
RTNETLINK answers: File exists
ERROR: Command "ip route add table 1 129.116.XXX.0/24 dev eth2 proto kernel scope link src 129.116.XXX.30" Failed
21:02:25 Shorewall-generated routing tables and
2011 Jul 25
4
ipsets
I haven't debugged this enough to understand what is happening, but I
observe the following:
someipset = bitmap:ip,mac
1) br0:+someipset
2) br0:+someipset[2]
The first 1) doesn't match anything in rules or tcrules, the second 2)
matches fine. (Also using +someipset[1] doesn't match anything)
Is it possible/sensible/feasible to have shorewall figure out the
2012 Feb 19
3
Shore wall and multi ISPs and ip addresses
Hi All!
I only ever have complex setups.
Customer site has a dedicated leased line from their ISP terminating on a
Cisco router. Router is configured with the first usable address on a /28
network - 196.x.y.73. The linux firewall is configured with the remaining 5
ip's, 196.x.y.74 to 196.x.y.78 and 79 as the broadcast. Sounds normal but here
is the twist. The primary or first ip
2011 Sep 12
2
interface not responding to arp requests
Okay, so I'm trying to setup my multiple ISP setup that I described earlier.
I have:
# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP>
2012 Feb 12
7
Shorewall 4.5.0
The Shorewall Team is pleased to announce the availability of Shorewall
4.5.0.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes all defect repair included in
4.4.27.1-4.4.27.3.
2) The start
2012 Mar 08
0
BGP + shorewall on multiISP env.
Hi list,
My network was assigned a private AS and my ISP(4) urged me to use BGP !
My Other 3 providers on my Shorewall BOX are typical aDSL lines while
the 4th is an 1G optical uplink with 64 addresses.
Currently I am in a balance, track mode in shorewall ISP setup..
After I installed - configured and started zebra + bgp my static
routing tables got filled with about 850 static routes to
2011 Jul 21
42
Problem With OpenVPN Connectivity
Hi,
I'm running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the
VPN options I'm using in Slackware 13.37 will not work in Shorewall, but in
Slackware 13.1 using the same Shorewall version and files, the 'interfaces',
'policy' and 'zone', are all I have configured, it was working and this also
works in Arch at
2012 Jun 06
5
Error when upgrade from shorewall-4.4.13-3 to shorewall-4.5.2.3-1
Dear All,
I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS,
after upgrade I can't start shorewall with this message:
"/Shorewall: Address Ranges require the Multiple Match capability in
your kernel and iptables/"
I try to search on the net about this, but still no light. Somebody
can help me?
Great appreciate for any help.
Regards,
2012 Jul 05
11
testing shorewall6 on a virtual machine
I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0.
With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6.
How is this done with IPv6?
Best regards
Andreas Rittershofer
2012 Jul 31
11
A lot of kernel martian source messages in /var/log/messages
Hi all:
I see a lot of the errors below in /var/log/messages on my firewall:
Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:50:44
2012 May 18
11
Shorewall 4.5.4 Beta 3
4.5.4 Beta 3 is now available for testing. I apologize for the
back-to-back Betas but I guess it's better to find these problems during
the Beta period rather than later.
Problems corrected:
1) This release includes all defect repairs from Shorewall 4.5.3.1.
2) When EXPORTMODULES=No in shorewall.conf, the following errors were
issued:
/usr/share/shorewall/modules: line 19:
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello,
I wonder if someone could use the TPROXY with Shorewall and
transparent Squid with using the routing rules on shorewall
(tcrules) for hosts / networks (LAN) with multiples providers (WANs)
directly from the internal network on port 80 (with TPROXY
transparent squid or REDIRECT).
On this issue, the routing rules is not work properly because the
source is the