Displaying 20 results from an estimated 1000 matches similar to: "Shorewall 4.5.22 Beta 1"
2013 Oct 07
4
AutoBL issues on CentOS 6
Hi Tom and all,
I started to play a bit with the AutoBL action on a CentOS 6 box and ran
into the following problems:
1) The action.AutoBL doesn't work for me until I patch it like so:
--- /usr/share/shorewall/action.AutoBL.orig 2013-10-01
00:59:42.000000000 +0200
+++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 +0200
@@ -22,6 +22,9 @@
DEFAULTS
2013 Oct 10
3
Detect dhclient leases file in centos
Hello,
I'm using shorewall-4.5.16 with centos5. The dhclient stores the lease information on
the /var/lib/dhclient/dhclient-<DEVICE>.leases file.
The /var/lib/shorewall/firewall script has the function detect_dynamic_gateway that
detects the gateway based on the leases file. The code in the function is:
detect_dynamic_gateway() { # $1 = interface
local interface
2013 Oct 03
2
Packetfence
Hi
Has anybody tried to combine shorewall (instead of iptables) with
packetfence?
/Göran
2013 Oct 08
2
Bug with H323 helper? Shorewall 4.5.16.1 as packaged up for Debian.
Hi all.
I can't seem to get the h323 connection tracking configured correctly for Shorewall.
I am using the Debian Shorewall 4.5.16.1 package.
I am running a Debian 3.9 kernel like so:
# uname -a
Linux gw 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
My version of iptables is:
# iptables -V
iptables v1.4.20
If I add the following rule in the /etc/shorewall/tcrules file to
2013 Sep 30
1
Problem SIP
Good afternoon Tom, okay?
See if you can help me ...
I have some users that connect via Softphone (SIP) outside my network.
I've done a DNAT rule correctly.
When these users connect, they can hear, but the other side can not hear.
My telephony server receives connections by an alias eth0:4 which is the
same IP output.
See my rules file and my nat file:
rules:
DNAT net
2013 Oct 03
7
TCCLASSES vs Providers
Hi, I want to configure QoS in my shorewall conf but I have a doubt.
Now I am using tcrules with prerouting and with the file providers, like
this.
2:P 192.168.0.11 0.0.0.0/0 tcp 25
So, with this way I route my smtp traffic with my provider number 2.
Well, now I want to configure QoS with tcclasses and tcdevices, but if I do
that I need to use the MARK in the tcclasses
So, how
2013 Oct 08
5
Shorewall dropping packets that should be forwarded
I had to restart one of my routers tonight and since then shorewall on
it has been dropping SIP packets coming in from one machine instead of
forwarding them to the freepbx server.
Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network
external ip> DST=<server network external ip> LEN=575 TOS=0x00
PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060
2013 Oct 27
4
shorewall stop
hi, while stopping shorewall 4.5.21.2 on a debian7 box with the
ADMINISABSENTMINDED set to no in shorewall.conf, the connections on
vlan tagged interfaces that were active before the shorewall stop
command was executed are not terminated as it is for the firewall and
other interfaces!
when the firewall is stopped as expected new connections on vlan
tagged interface are refused but even
2013 Sep 30
4
strange problem
Hi,
In log I get:
-----------------------------------------------------------
Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
----------------------------------------------------------
Even in /etc/shorewall/rules I have
2013 Oct 10
15
Remapping port below 1024 on the firewall
I give up and need help! I won't add to the confusion by showing all the
combinations I have tried unsuccessfully... and yes, I've read FAQ2 and
FAQ2a many times!
When googling the subject of this post there are many answers that boil
down to using the same three iptables rules, two of which use nat. I
won't repeat them here.
I don't want to risk mixing
2013 Aug 26
6
Shorewall 4.5.20
Shorewall 4.5.20 is now available for download.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) On some distributions, the shorewall-lite and shorewall6-lite
uninstallers could fail with a syntax error.
2) A
2013 Nov 05
8
Forwarding external traffic to another external server?
I'm trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn't like that (it
just failed to start).
I tried adding the rules via
2013 Sep 23
3
Custom iptables rules to drop DNS Amplification Attacks
Hi all, I need help to implement this kind of rule on shorewall:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x055a5a47 && 0x2c&0xDFDFFFDF=0x53540343 && 0x30&0xDFDFFFFF=0x4f4d0000" -j DROP
This kind of rules need to block a DNS Amplification Attack.
I found this file
2013 Nov 08
0
(no subject)
I am receiving lots of martian broadcasts
Nov 8 15:37:57 firewall kernel: [ 895.708393] martian source 192.168.0.3
from 192.168.0.1, on dev eth0
Nov 8 15:37:57 firewall kernel: [ 895.708399] ll header:
ff:ff:ff:ff:ff:ff:90:f6:52:3f:65:c0:08:00
Nov 8 15:37:59 firewall kernel: [ 897.711647] martian source 192.168.0.3
from 192.168.0.1, on dev eth0
Nov 8 15:37:59 firewall kernel: [ 897.711654]
2013 Sep 08
5
shorewall-lite
Hi I'm running on a debian box shorewall-4.5.17.
My main gateway is a router running on openwrt and I want to use the
shorewall-lite packet provided by openwrt. The openwrt's provided
shorewall-lite packet is 4.5.7.
So my questions would be:
1: Do I need to make some modifications before installing
shorewall-core-4.5.7/shorewall-4.5.7 on my debian box?
2: if I have both
2013 Dec 13
2
Shorewall and mode statistic
Hi all,
I'm trying to convert some manually written iptables rules into a
shorewall configuration but I'm facing some issue with mode statistic.
In our outgoing smtp we balance the source IP address of outgoing
connections originating from the firewall between 4 alias configured on
eth0 interface:
eth0 inet addr:xxx.xxx.xxx.18 Bcast:xxx.xxx.xxx.255 Mask:255.255.255.0
eth0:1
2013 Sep 01
2
ICMP rate limit terminates shorewall
I'm using the following rule on 3 different systems running
shorewall-4.5.18 on Gentoo:
ACCEPT all all icmp - - - 10/sec:20
shorewall starts fine on 2 of the systems but on the 3rd it fails to
start with the following error:
iptables-restore: line 119 failed
ERROR: iptables-restore Failed. Input is in
/var/lib/shorewall/.iptables-restore-input
/usr/share/shorewall/lib.common: line 113:
2013 Aug 29
2
shorewall and snort - recommendation
Dear all,
I'm setting up a new gateway for a small network (under 30 users). Gw will host the following services: shorewall, dns, proxy.
I'm considering installing snort. Can I do so on the same exact box? Is there any security risk of doing so?
box would have 4 ISPs and two internal interfaces.
Any recommendation about the optimal setup of snort and shorewall (or if you suggest
2013 Aug 19
4
squid on a dual ISP scenario
Hi to all
This is just a concept question:
Is there a need to change something in the Squid3 config when it is running
on the same box as shorewall with 2 ISPs?
I've been thinking of doing this at home, as a proof of concept for future
implementations ...
I always use Roberto's Debian package to implement Shorewall.
Fábio Rabelo
2013 Aug 29
2
Multiple gateways
hello
need a little help
i have 2 NIC router with shorewall
client PCs goes to internet fine with shorewall help.
but i need to reroute traffic for one net via other gateway not ISPs.
Gateway is on LAN NIC.
192.168.1.0/24 LAN
x.x.x.x WAN
router(shorewall) IP 192.168.1.15
i need to reroute traffic for 192.168.2.0/24 network to 192.168.1.1 gateway
I know how to do it via route and iptables, but just