Displaying 20 results from an estimated 400 matches similar to: "How to refresh blacklist without resetting counters"
2012 Oct 23
1
masq rules for LVS
Hi,
I need some special masq rules to allow internal servers to resolve public IP's which are loadbalanced by LVS - the rules are:
iptables -t nat -A POSTROUTING -m ipvs --vaddr <LVS PUBLIC IP>/32 --vport 80 -j SNAT --to-source <LVS INTERNAL IP>
Also I need to enable:
echo 1 > /proc/sys/net/ipv4/vs/conntrack
Currently I do all this from /etc/shorewall/started - but is
2012 Nov 01
1
New L7 Filter option for netfilter
Hi all. There is an interesting project that was called opendpi
(originally by ipoque GmbH) and has recently been forked and maintained by
the ntop guys under the nDPI label. It offers a new and currently
maintained layer 7 (L7) packet identification library. It could
definitely benefit from more eyes and development effort, but at present
it gives much better breakdown of traffic for ntop
2012 Nov 08
3
Failed to access console after launching LXC through libvirt
Hi,
I'm trying to manage LXC instances through OpenStack, which uses libvirt as
a virtualization driver layer. After launching LXC instance, I simply could
not attach to the console.
virsh # list
Id Name State
----------------------------------
14366 instance-00000078 running
virsh # console 14366
Connected to domain instance-00000078
Escape character is ^]
And it keeps
2003 Sep 30
4
macaddress blacklist problem
I helped set up a firewall at my brother's church and we are running
shorewall 1.4.6b on a redhat 9 box. Works well.
[root@fumcbafw shorewall]# uname -r
2.4.20-19.9
[root@fumcbafw shorewall]# iptables --version
iptables v1.2.7a
The box also serves as a dhcp server for the church offices and there is
one box that apparently still has the old firewall config (zone alarm)
on it since it
2009 Mar 24
6
Is there a public blacklist of hackers' IP addresses?
Hi,
In the last week I have seen two servers of our organization successfully
hacked and some others under attack from some other IP addresses. We would
block one IP address on our firewall and after a few hours, they would start
getting hits from another IP address. When I checked them on whois.net,
they all were from Amsterdam. Surprisingly, I once had a similar attack in the
past and it was
2004 Oct 12
4
Blacklisted packages still logged
Hello,
Pardon me if this turns out to be stupid question.
I have an IP address blacklisted in /etc/shorewall/blacklist. I have
BLACKLIST_LOGLEVEL not set in /etc/shorewall/shorewall.conf, but I can still
see the packages coming from the blacklisted IP logged in /var/log/messages
when I do 'tail -f /var/log/messages'.
Is there someplace else I should check?
Thanks.
RDB
--
2015 May 11
3
appdynamics php agent prevented by SELinux
>
> If rpm is configured for _that_ location of log files, I would remove the
> repository this rpm comes from from configuration and will remember to
> never-never ever use that repository for anything.
>
> Just my $0.02
>
Yeah I completely get where you're coming from there. However it's not an
RPM from a repo. I downloaded the rpm from the appdynamics site itself.
2012 Sep 30
12
shorewall dynamic zones confusion
Hi,
I've been successfully using shorewall in our K12 school since the 2.x
days initially on Mandrake and now on Debian. Because of that my config
has got quite complicated. The firewall has a working MultiISP setup
with four interfaces (I've renamed them with udev to ease their
identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers
(the one on dnt-if) is a DSL
2013 Mar 16
23
Shorewall 4.5.15 Beta 1
Beta 1 is now available for testing.
Problems Corrected:
1) Previously, the Shorewall and Shorewall6 install.sh scripts did two
things wrong with respect to the /etc/shorewall[6]/routes file:
- The existing file was unconditionally removed.
- A skeleton file was not installed when SPARSE was not set in
the shorewallrc file.
Additionally, the installer would remove
2012 Sep 27
5
Understanding IFB
I'm experiencing a problem with masquerade downloads saturating my
internet connection. I've implemented an IFB and now am looking into
flow keys. Although I've read the documentation, I'm not sure I have
this right. Can someone help?
/etc/shorewall/params:
MID_IF=eth0
MID_IF_TC=1
INET1_IF=eth1
INET1_IF_TC=2
INET1_IFB_IF=ifb0
INET1_IFB_TC=3
Note: MID_IF
2015 May 11
2
appdynamics php agent prevented by SELinux
Hey guys,
I've got another C7 problem I was hoping to solve. I
installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host.
It's failing to communicate with its controller on another host. And this
is the interesting part. Whether or not I have SELinux enabled, I have
apache reporting SELinux problems.
[root at web1:~] #getenforce
Permissive
May 10 20:47:56 web1 python[25735]:
2013 Jul 12
3
new Shorewall + strongSwan blog
Hi Tom,
Thanks for the feedback about my Shorewall evaluation
I've published a blog today covering general things I've observed about
the way to combine Shorewall with strongSwan:
http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt
Please let me know if anything is inaccurate or if there is anything
substantial that I missed and I'll
2015 May 11
3
appdynamics php agent prevented by SELinux
>
> That's a rather odd (personally, I think bad) place for a log (or
> even logfile lock) and I'm not at all surprised that selinux is
> keeping your application from writing there. I would check to see if
> there is a setup/configuration option for your application to put
> the log files and related in a more standard location (/var/log,
> /var/run), where it is less
2013 Mar 19
3
Splitting ports
Hello,
Is it possible to split a port direction so it goes to one server or
another? For example, I want abc.com to be routed to server X and def.com
to go to server Y. Is it also possible to have e-mail addresses going to
one server or another in the same concept so joe@abc.com will go to server E
and jane@abc.com goes to server F? If any of this is possible, what is the
name of the
2013 Dec 13
2
Shorewall and mode statistic
Hi all,
I'm trying to convert some manually written iptables rules into a
shorewall configuration but I'm facing some issues with mode statistic.
In our outgoing smtp we balance the source IP address of outgoing
connections originating from the firewall between 4 aliases configured on
eth0 interface:
eth0 inet addr:xxx.xxx.xxx.18 Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0
eth0:1
2015 May 12
2
appdynamics php agent prevented by SELinux
Well, I was having a heck of a time with the rpm install in terms of
customizing the install directory.
So I thought the easy way out might be to go for a source install. Which I
tried and this was the output from the install:
[root at web1:/opt/AppDynamics/appdynamics-php-agent] #./install.sh
appd.jokefire.com 443 beta.jokefire.com "Web Front End" web1.jokefire.com
Install script for
2012 Sep 20
1
Debian Lenny very simple traffic shaping not working
Hi,
I am trying to do the simplest configuration of traffic shaping.
So I did:
shorewall.conf
TC_ENABLED=Simple
tcinterfaces
eth0.2 External 500kbit
tcdevices
eth0.2 500kbit 200kbit
And I am testing the speed on that interface - whether I did it ok or not,
and my speed is still 4mbit/512kbit.
So the question is - How to reduce the speed on interface connected
2013 Feb 01
3
[PATCH 0/2] A few Arch Linux specific changes
I'm attaching a few changes that are specific to Arch Linux and are motivated
by our recent switch to systemd.
System V init scripts are no longer used/supported on Arch Linux and,
therefore, the Arch Linux init scripts can be removed from Shorewall.
The two patches that follow are based against master; if it's possible to
apply them to the upcoming Shorewall 4.5.13 as well,
2013 Aug 19
4
squid on a dual ISP scenario
Hi to all
This is just a concept question:
Is there a need to change something in the Squid3 config when it is running
in the same box as shorewall with 2 ISPs?
I've been thinking of doing this at home, as a proof of concept for future
implementations ...
I always use Roberto's Debian package to implement Shorewall.
Fábio Rabelo