similar to: Shorewall 4.5.0

I''d like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed ''install.sh -s'' in each directory. Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be

Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the line into 2 separate lines: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2

how to make this work, its seem to me that netfilter is changed more or less someplaces that shorewall do not support, using 4.4.27 shorewall and shorewall6 suggestion welcomed ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99!

I am in the process of building a new machine to replace several older servers. I am considering running several virtual servers on one box, all linux for host and virtual machines using VirtualBox. Is it possible/advisable to configure shorewall on the host to act as a firewall for the virtual machines, each having one or more static public IP address? Any pointers, suggestions and/or

Hi All! Been quite a few years and lots of water under the bridge but here I am back! I have a customer that has now decided they need a bit more bandwidth over and above their fixed line! They are not in a good area for ADSL because of copper theft and being a bit to far from the closest DSLAM! They have installed a wireless link and I have made certain that put it behind my simple iptables

Hi, I am trying to get L2TP roadwarrior VPN working from http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP but i am making a mistake somewhere, appreciate a fresh set of eyes to help. I have the following interfaces: ppp0 - interneteth0 - local networkrem - client openvpnl2tp - ppp for lt2p clients I am getting the following error logged when trying to connect into the server with L2TP from a remote

Hello Guys I have problem with internet bank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

Happy New Year, everyone. With the new year, comes a new major version of Shorewall. The reasons for opening a new version are: 1. The packaging and dependencies have changed in this release. 2. There are minor migration issues. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E

Beta 3 is now available for testing. Problems Corrected: 1) The value ''0'' is once again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The

Beta 3 is now available for testing. Problems Corrected: 1) The value ''0'' is once again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

Typically (or at least somewhat occasionally) after a reboot of my shorewall[-lite] machine I find that I end up with conntrack table entries for unNATted connections such as: # conntrack -L -p udp --dport 5060 -d 99.232.11.14 udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0

Hi All! I only ever have complex setups. Customer site has a dedicated leased line from their ISP terminating on a Cisco router. Router is configuered with the first usable address on a /28 network - 196.x.y.73. The linux firewall is configured with the remaining 5 ip''s, 196.x.y.74 to 196.x.y.78 and 79 as the broadcast. Sounds normal but here is the twist. The primary or first ip

Hi list! I would like to modernize my server at home which is still running Shorewall 3. The server will be running CentOS 6.2 but i also want to use KVM virtualization to run a Windows host on the same box that i can log in to remotely. I looked through the documentation samples on the shorewall site and found several bridging configurations but they do not match my setup, yes it will

When I attempt to start shorewall (version 4.0.15) I get an RTNETLINK error (see below). /var/log/shorewall-init.log [...] 21:02:18 Creating Interface Chains... 21:02:19 Adding Providers... RTNETLINK answers: File exists ERROR: Command "ip route add table 1 129.116.XXX.0/24 dev eth2 proto kernel s cope link src 129.116.XXX.30" Failed 21:02:25 Shorewall-generated routing tables and

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote: > The three most common attack vectors, (and attack volumes have never been higher) are: > > * Sniffed unencrypted credentials > (Assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exposed from another site's breach > (Users WANT to

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could