similar to: [Fwd: [shorewall-coding] Shorewall2 functions, 1.39, 1.40]

Hello all, I tried to include a file from within the accounting config-file. The filename was specified using a parameter in params as: ACCFILE=/var/lib/shorewall/accounting.generated and then included in accounting as: INCLUDE $ACCFILE However when (re)starting shorewall, it gave some error about being unable to find ''/etc/shorewall/$ACCFILE'' (with the $ACCFILE parameter

I believe that 2.4.0 is about ready to be sent out the door. I''ve made a couple of small changes since RC2 but I don''t believe that they warrant another RC. There remains the issue of what to do about support for Shorewall 2.0 given that 2.2 has only been available since March. It would be my recommendation to make 2.4 the new "stable" release but continue to

Hi, I''ve set up a bridge which connects two parts of the same subnet with each other. I''ve set up everything as described in the Documentation and it works very nicely. However: I have a problem with adding hosts to zones dynamically. The zone I want to add hosts to is called ''work''. Since only the bridge br0 is defined in /etc/shorewall/interfaces

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m running systems with openswan and modified _updown script supporting shorewall dynamic hosts. Because on problems with cvs head version of openswan I found a error from shorewall dynamic hosts support. When host is already in zone shorewall aborts adding process with error. This is not good thing(tm). I found out that deleting host from

I''ve got what I think is a fairly simple home network configuration with one Linux box functioning as the firewall, VPN server, DHCP server and file/print server. I am having trouble configuring both a VPN server (PopTop) and the firewall rules for a W2K PPTP VPN client. The VPN server runs on the firewall machine and the VPN client runs on a W2K machine behind the firewall. The VPN

I''ve gotten the basic code working on my firewall. So that I can quickly get back online if I screw up, I''m currently calling it shorewall2. That way if it screws up I can just "shorewall restart". /sbin/shorewall2 -- command interpreter /etc/shorewall2/ -- configuration files /usr/share/shorewall2/ -- shared files Both Shorewall and Shorewall2 use the

Dear All, I have read all the documentation I can find but I still have not understood how, in what context and where to use the action commands enumerated in /usr/share/shorewall/actions.std. Illustrating with SMB traffic for instance, how can one use AllowSMB, DropSMB and RejectSMB to control SMB traffic instead of the classic ACCEPT z1 z2 udp 135,445 ACCEPT z1

So, now I see why I was doing the fw 2 fw rule. It was for my YP/NIS usage. Does anyone know how I get that to work?

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi folks, I''m conducting a straw poll for your opinions on whether we should send CVS commit logs (probably with diffs) to the shorewall-devel list, or to another (new) list? I can see advantages to both ways: separate lists mean that people who aren''t contributing code don''t get flooded with code noise, but a single list will help keep everyone involved in the

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

Hi! how can I mark ack packets with shorewall 2.x? (In 1.x I have done it with own rule in common file) TiA CU

Since you''ve started signing your email, Tom, my machine can''t verify your sig. Where are you publishing your key? -- John Andersen - NORCOM http://www.norcomsoftware.com/

I''m going to start being rude with people if I don''t take a break from the list for a while. I''ll be back in a couple of days after I cool off..... --Tom -- Tom Eastep \ Off-list replies are cheerfully ignored Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

hello I''m using the 2.6 series 5 vservers on eth1 running on debian unstable and I wanted two of them to be used as "proxies". One of the proxies has 3 interfaces (well 4 if you count the ath0 interface whose traffic I''d like to pass through the "vproxy"); one facing the hosts''/out interface, one facing the "dmz" where two vservers

Anyone else seeing this?? Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. My default shorewall settings are : Source zone Destination zone Policy Syslog level Traffic limit loc net ACCEPT None None fw net ACCEPT None None net Any DROP info None Any Any REJECT info None I have done NAT on eth0 and I am running squid proxy on the server. I am not able send or

Been trying to track down an issue where when I issue a restart on shorewall it stalls for maybe 5 minutes. I have tracked it down to the removing of the rules portion but have not been able to get any closer yet. Some place after "strip_file rules" and echo "Deleting user chains..." It seems to fix itself after a reboot of the system for an unknown time then it resurfaces

I was wondering if i could stick a certain ip in the blocklist, but at the same time have an allow rule for http in the rules section. In other words i would like to block pretty much all access from a certain internet address except for http from the internal network. So does the rules file get parsed before the blacklist in the firewall to make this possible?