similar to: Custom chain

Displaying 20 results from an estimated 1000 matches similar to: "Custom chain"

2013 Nov 19
7
IPv6 connections won't be rejected nor logged
Hi, I have servers where shorewall6 won't reject nor log: # cat /etc/shorewall6/zones fw firewall net ipv6 # cat /etc/shorewall6/interfaces net eth1 tcpflags (I also tried without "tcpflags", but no changes) # cat /etc/shorewall6/policy $FW all ACCEPT all all REJECT info # cat /etc/shorewall6/rules SECTION NEW (for testing, I removed all the rules) I am testing from
2013 Nov 23
3
Shorewall 4.5.21.4
Shorewall 4.5.21.4 is now available for download. Problems corrected since 4.5.21.3: 1) The Broadcast actions have been corrected: o --dst-type BROADCAST has been removed from the IPv6 version o A superfluous DROP rule in the IPv4 version has been suppressed. 2) Previously, if an HFSC class was specified with dmax but not umax, then the firewall would fail to start with the
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table
2013 Nov 25
0
Re: [edk2] [PATCH RFC v2 7/7] OvmfPkg: introduce XenMemMapInitialization
Regarding patches 5-7, it seems like the mem-map code flow could be more shared. It is a bit challenging to unravel things though. I guess the only specific thing I can really point out is that PcdPciAllowFullEnumeration should be initialized in a different patch, and not within the mem-map init path. -Jordan On Tue, Nov 19, 2013 at 12:38 PM, Wei Liu <wei.liu2@citrix.com> wrote: > This
2013 Oct 03
2
Packetfence
Hi Has anybody tried to combine shorewall (instead of iptables) with packetfence? /Göran
2013 Sep 01
2
ICMP rate limit terminates shorewall
I'm using the following rule on 3 different systems running shorewall-4.5.18 on Gentoo: ACCEPT all all icmp - - - 10/sec:20 shorewall starts fine on 2 of the systems but on the 3rd it fails to start with the following error: iptables-restore: line 119 failed ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input /usr/share/shorewall/lib.common: line 113:
2013 Aug 29
2
shorewall and snort - recommendation
Dear all, I'm setting up a new gateway for a small network (under 30 users). Gw will host the following services: shorewall, dns, proxy. I'm considering installing snort. Can I do so on the same exact box? Is there any security risk of doing so? Box would have 4 ISPs and two internal interfaces. Any recommendation about the optimal setup of snort and shorewall (or if you suggest
2013 Aug 19
4
squid on a dual ISP scenario
Hi to all. This is just a concept question: Is there a need to change something in the Squid3 config when it is running in the same box as shorewall with 2 ISPs? I've been thinking of doing this at home, as a proof of concept for future implementations ... I always use Roberto's Debian package to implement Shorewall. Fábio Rabelo
2013 Aug 29
2
Multiple gateways
hello need a little help i have 2 NIC router with shorewall client PCs goes to internet fine with shorewall help. but i need to reroute traffic for one net via other gateway not ISPs. Gateway is on LAN NIC. 192.168.1.0/24 LAN x.x.x.x WAN router(shorewall) IP 192.168.1.15 i need to reroute traffic for 192.168.2.0/24 network to 192.168.1.1 gateway I know how to do it via route and iptables, but just
2013 Oct 10
3
Detect dhclient leases file in centos
Hello, I'm using shorewall-4.5.16 with centos5. The dhclient stores the lease information on the /var/lib/dhclient/dhclient-<DEVICE>.leases file. The /var/lib/shorewall/firewall script has the function detect_dynamic_gateway that detects the gateway based on the leases file. The code in the function is: detect_dynamic_gateway() { # $1 = interface local interface
2013 Sep 06
3
Shorewall OpenVPN, routing back from a LAN
When using shorewall with a road warrior openvpn setup, how can I get the tun interface to masq through a lan interface? Example Setup: Machine A (tun0 10.0.0.1) -----------VPN---------(tun0 10.0.0.2)---------Machine B(10.10.10.1) When I ping Machine B from Machine B, Machine B is receiving the echo request, but it doesn't know the route back to the 10.0.0.0/24, and there
2013 Sep 08
2
Fwd: Where to put custom rules
Hi All, I have a custom TC configuration where I'm building the tc hierarchy manually with the tcstart script. I also need to add custom iptables rules in the mangle table to classify the packets. Currently I'm using started to insert the iptables commands, but that's way too late in the process. I tried putting them into the initdone file, but it's trying to
2013 Sep 30
1
Problem SIP
Good afternoon Tom, okay? See if you can help me ... I have some users that connect via Softphone (SIP) outside my network. I've done a DNAT rule correctly. When these users connect, they can hear, but the other side can not hear. My telephony server receives connections by an alias eth0: 4 which is the same IP output. See my rules file and my nat file: rules: DNAT net
2013 Sep 08
5
shorewall-lite
Hi I'm running on a debian box shorewall-4.5.17. My main gateway is a router running on openwrt and I want to use the shorewall-lite packet provided by openwrt. The openwrt's provided shorewall-lite packet is 4.5.7. So my questions would be: 1: Do I need to make some modifications before installing shorewall-core-4.5.7/shorewall-4.5.7 on my debian box? 2: if I have both
2013 Dec 17
1
shorewall add fails with IPSET=
Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in shorewall.conf, or via the patch:
2013 Oct 27
4
shorewall stop
hi, while stopping shorewall 4.5.21.2 on a debian7 box with the ADMINISABSENTMINDED set to no in shorewall.conf, the connections on vlan tagged interfaces that were active before the shorewall stop command was executed are not terminated as it is for the firewall and other interfaces! when the firewall is stopped as expected new connections on vlan tagged interface are refused but even
2013 Sep 30
4
strange problem
Hi, In log I get: ----------------------------------------------------------- Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0 ---------------------------------------------------------- Even in /etc/shorewall/rules I have
2013 Sep 23
3
Custom iptables rules to drop DNS Amplification Attacks
Hi all, I need help to implement this kind of rule on shorewall: iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x055a5a47 && 0x2c&0xDFDFFFDF=0x53540343 && 0x30&0xDFDFFFFF=0x4f4d0000" -j DROP This kind of rule is needed to block a DNS Amplification Attack. I found this file
2013 Jul 12
3
new Shorewall + strongSwan blog
Hi Tom, Thanks for the feedback about my Shorewall evaluation I've published a blog today covering general things I've observed about the way to combine Shorewall with strongSwan: http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt Please let me know if anything is inaccurate or if there is anything substantial that I missed and I'll
2013 Sep 16
7
Rsync rules for Shorewall
Hi folks, I'm having an issue with rsync between my firewall and an internal box. It seems to be a shorewall issue (or correctly speaking, an issue with my shorewall config) because if I disable shorewall my rsync works fine. And I just can't find it documented anywhere what I need to do. I have rules like this : root@userver:/etc/shorewall# grep -i Rsync rules