similar to: Shorewall and ipsets

Attached please find updated build and publish scripts. They set the ''ulink.target'' parameter appropriately when converting docbook->HTML. I have always hacked my xhtml/params.xsl file to set this parameter; these updated scripts make that abomination unnecessary. Paul/Mike: It might be a good idea to add a CVS project for these scripts. -Tom -- Tom Eastep \ Nothing is

hi I''ve got the situation that I have a virtual shorewall firewall/router which will get different single ip''s on one interface in different subnets with different gateways which need to be nat''ed to the inside network. I''d really love to do proxy arp but the provider isn''t able to give me an ip range (cloud computing hooray). If I understand it

Hi, I''ve been successfully using shorewall in our K12 school since the 2.x days initially on Mandrake and now on Debian. Because of that my config has got quite complicated. The firewall has a working MultiISP setup with four interfaces (I''ve renamed them with udev to easy their identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers (the one on dnt-if) is a DSL

Hi, I am trying to do the simplest configuration of traffic shaping. So I did: shorewall.conf TC_ENABLED=Simple tcinterfaces eth0.2 External 500kbit tcdevices eth0.2 500kbit 200kbit And I am testing the speed on that interface - whether I did it ok or not, and my speed is still 4mbit/512kbit. So the question is - How to reduce the speed on interface connected

I''m experiencing a problem with masquerade downloads saturating my internet connection. I''ve implemented an IFB and now am looking into flow keys. Although I''ve read the documentation, I''m not sure I have this right. Can someone help? /etc/shorewall/params: MID_IF=eth0 MID_IF_TC=1 INET1_IF=eth1 INET1_IF_TC=2 INET1_IFB_IF=ifb0 INET1_IFB_TC=3 Note: MID_IF

Hey gang, I was wondering if all that documentation could or has been put into PDF format. I usually like to download documentation and read it while I''m sitting comfortably at home and I don''t want to tie up the phone line all night. Thanks, Nino p.s. If so, please feel free to attach the PDF formatted document to my e-mail ;-)

Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in shorewall.conf, or via the patch:

https://bugzilla.netfilter.org/show_bug.cgi?id=1234 Bug ID: 1234 Summary: iptables match-set with multiple ipsets doesn't work Product: iptables Version: 1.4.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee:

Hello, I have ipsets setup with a set of ip address that are badbots that won't comply with robots.txt This is a home server and these are most likely up to no good. I came up with a script to extract ip address from my access_log then another script to take ips and import them into my blacklist set. (see my scripts in the .htaccess thread) I can set these up as cron jobs but I'm not

Well, I was having a heck of a time with the rpm install in terms of customizing the install directory. So I thought the easy way out might be to go for a source install. Which I tried and this was the output from the install: [root at web1:/opt/AppDynamics/appdynamics-php-agent] #./install.sh appd.jokefire.com 443 beta.jokefire.com "Web Front End" web1.jokefire.com Install script for

Hey guys, I've got another C7 problem I was hoping to solve. I installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. It's failing to communicate with it's controller on another host. And this is the interesting part. Whether or not I have SELinux enabled, I have apache reporting SELinux problems. [root at web1:~] #getenforce Permissive May 10 20:47:56 web1 python[25735]:

Hi, Is it possible to get Shorewall to reload the static blacklist file without resetting the packet and byte counters? I am following the guide at http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/ to periodically generate a blacklist, but "shorewall -qq refresh -n blacklst" resets all my accounting. Is there a way to do this without resetting the counters? I

i''m running SW v4.5.14 i''ve created a basic /rules set, referencing a single action: cat /etc/shorewall/rules ############################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS

On Mon, May 11, 2015 9:47 am, Tim Dunphy wrote: >> >> That's a rather odd (personally, I think bad) place for a log (or >> even logfile lock) and I'm not at all surprised that selinux is >> keeping your application from writing there. I would check to see if >> there is a setup/configuration option for your application to put >> the log files and related

------------ Original Message ------------ > Date: Sunday, May 10, 2015 09:02:11 PM -0400 > From: Tim Dunphy <bluethundr at gmail.com> > > Hey guys, > > I've got another C7 problem I was hoping to solve. I > installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host. > > It's failing to communicate with it's controller on another host. > And

> > If rpm is configured for _that_ location of log files, I would remove the > repository this rpm comes from from configuration and will remember to > never-never ever use that repository for anything. > > Just my $0.02 > Yeah I completely get where you're coming from there. However it's not an RPM from a repo. I downloaded the rpm from the appdynamics site itself.

Hi Tom, Thanks for the feedback about my Shorewall evaluation I''ve published a blog today covering general things I''ve observed about the way to combine Shorewall with strongSwan: http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt Please let me know if anything is inaccurate or if there is anything substantial that I missed and I''ll

http://bugzilla.netfilter.org/show_bug.cgi?id=640 Summary: ipset-4.2 : ipset -T <some_setlist> <address> always negative Product: ipset Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: default AssignedTo:

> > That's a rather odd (personally, I think bad) place for a log (or > even logfile lock) and I'm not at all surprised that selinux is > keeping your application from writing there. I would check to see if > there is a setup/configuration option for your application to put > the log files and related in a more standard location (/var/log, > /var/run), where it is less

Tim Dunphy wrote: >> >> If rpm is configured for _that_ location of log files, I would remove >> the >> repository this rpm comes from from configuration and will remember to >> never-never ever use that repository for anything. >> >> Just my $0.02 > > Yeah I completely get where you're coming from there. However it's not an > RPM from a