similar to: Shorewall 4.5.1.1

Hi, I realise that one can simply start fail2ban and then it will insert its own ruleset before shorewall''s ruleset. Are there subscribers to this list having alternative (and probably better) ways to use both fail2ban and shorewall? Thanks, Mark ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90

Tom : Firewall up not letting traffic through It is probably a setting that I have wrong Private Network: Can ping the outside network card from inside the network, but can not ping "yahoo.com" or one of its ip address (209.191.122.70) Firewall computer: On the firewall computer can ping computer on inside network and "yahoo.com" -- Eric Teeter 504 Main St.

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

http://bugzilla.netfilter.org/show_bug.cgi?id=763 Summary: dnat and snat not changing port numbers on sctp packets Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P3 Component: NAT AssignedTo: netfilter-buglog at

Hi! The netfilter project presents another development release of the conntrack-tools that includes support for all the protocol helpers available in 2.6.30 that were missing so far (SCTP, UDPlite, DCCP and GRE). The daemon updates includes a fix for a memory leak that can be triggered under heavy load and if you set a hashtable in user-space that is smaller than the one in the kernel. Moreover,

Hello, i have a question regarding SCTP support of OpenSSH. (I have searched the list, and it seems to show up periodically every two years, and since it's that time again i dare to ask...) It can't be described better than what i've placed in a bug report yesterday, so please let me (mostly) copy & paste that: Hello. I don't know how you do it, i never managed a(n

Shorewall 4.3.11 is now available for testing. Much of what is in this release is below the surface. Many of the modules have been reorganized to provide for more readable code and to eliminate a lot of parameter passing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 11

Hi, in shorewall version 3.4.8 used this rule to block access to Facebook through port 443 (https): /shorewall/rules: REJECT loc net:69.171.224.12, 69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443 What I did was block the public IP network segment to fitthrough https. Now I use this same rule in version 4.4 and I works already. Has anything changed in this

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

https://bugzilla.netfilter.org/show_bug.cgi?id=1335 Bug ID: 1335 Summary: iptables-restore will crash if -6 rules are present Product: iptables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables-restore

https://bugzilla.netfilter.org/show_bug.cgi?id=1362 Bug ID: 1362 Summary: iptables translation issues Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: iptables over nftable Assignee: pablo at

The netfilter coreteam presents: iptables version 1.4.3 the iptables release for the 2.6.29 kernel. It has been some time since the last release and we've had a lot of changes all over the place. Besides the usual fixes and cleanups, we have: - numerous documentation updates from Jan Engelhardt and others - a set of changes to move some of the iptables functionality to a shared

Now that ->sendpage() has been removed, MSG_SENDPAGE_NOTLAST can be cleaned up. Things were converted to use MSG_MORE instead, but the protocol sendpage stubs still convert MSG_SENDPAGE_NOTLAST to MSG_MORE, which is now unnecessary. Signed-off-by: David Howells <dhowells at redhat.com> cc: "David S. Miller" <davem at davemloft.net> cc: Eric Dumazet <edumazet at

Hi list! I would like to modernize my server at home which is still running Shorewall 3. The server will be running CentOS 6.2 but i also want to use KVM virtualization to run a Windows host on the same box that i can log in to remotely. I looked through the documentation samples on the shorewall site and found several bridging configurations but they do not match my setup, yes it will

https://bugzilla.netfilter.org/show_bug.cgi?id=1055 Bug ID: 1055 Summary: dccp type reset throws errors Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:

https://bugzilla.netfilter.org/show_bug.cgi?id=930 Summary: DCCP: --dccp-types and --dccp-option are not supported Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org

[ Added Thomas Gleixner ] On Thu, 26 Jul 2018 11:34:39 +0200 Dmitry Vyukov <dvyukov at google.com> wrote: > On Thu, Jul 26, 2018 at 11:29 AM, syzbot > <syzbot+604f8271211546f5b3c7 at syzkaller.appspotmail.com> wrote: > > Hello, > > > > syzbot found the following crash on: > > > > HEAD commit: dc66fe43b7eb rds: send: Fix dead code in rds_sendmsg

Hi all, I now have Xen running on Intel Core2 duo system, and am running a HVM domU with Microsoft Windows XP Home Edition, cold-installed from distribution CD. Problem is, Windows can''t get to the network. My dom0 ifconfig looks correct, as far as I can tell. I have a DHCP server on my local network, but the Windows XP domU claims to be unable to find DHCP. I''ve also tried

Hi, I created a modification (more like a hack) to shorewall that backups a configuration after succesfully (re)starting it. In case a future (re)start fails it will use this backup configuration. (instead of stopping the firewall and generating a massive ammount phonecalls ;) I didn''t pay too much attention to the ramifications of this patch, so let me know if i screwed anything up.