similar to: [PATCHES] Two QUEUE policy patches

I had expected to be out of town this weekend so when I plans suddenly changed, I responded to a nudge from a list member and investigated means for stripping html from list posts. It turns out that MailMan 2.1 has this capability and since I run MailMan for my list server, that seemed like a good fit. After a couple false starts trying to upgrade, I think that I have it running. One thing

Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 186 bytes Desc: OpenPGP digital signature Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050604/bee263f3/signature.bin

Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20041014/45aef157/attachment-0001.bin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the

I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP. I am running OSPF in the network and so far things are working out fairly well (from a client of the two gateways). $ ip route ls 10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20 192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric

Hello ! I have a performance issue with Kernel 2.6.X and policy match support as suggested in http://shorewall.net/IPSEC-2.6.html. My IPSEC performance doesn''t exeed about 30kbyte/sec even if my downlink is 1024kbit/sec and should reach more than 100kbyte/sec. No, its not the cpu''s performance (AMD Barton 2500+) and no it''s not the gateway (CELERON 600 Mhz) on the

when i start or restart syslog-ng, i''ve above message. Can this be a shorewall or iptables synchro ? mess-mate -- April 1 This is the day upon which we are reminded of what we are on the other three hundred and sixty-four. -- Mark Twain, "Pudd''nhead Wilson''s Calendar"

Hi I would like to use shorewall for my bridge firewall. I just read the howto http://www.shorewall.net/bridge.html But in this howto there are only one net behind the bridge and have two nets behind my bridge. Can I use shorewall with two nets behind the bridge. Thanks in advance. roberto -- Ing. Roberto Pereyra ContenidosOnline Servidores BSD, Solaris y Linux Soporte técnico ISPs

Hi, I''ve got a question about how to configure the shorewall, and maybe someone could answer. I have a PC with 3 ethernet. The eth0 connets to internet. The eth1 connects to LAN A, and the eth2 connects to LAN B. I''ve configured the shorewall for doing NAT, and both LANs can navigate, but it seems that from a LAN A host you can connect to a PC of LAN B, and the other way

The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

Are there any scenarios that require traffic from a zone to itself to be blocked? If not, Shorewall should possibly allow it as a matter of course. It seems strange having to explicitly create such a policy & it''s not immediately obvious when it is required. -- Taso Hatzi caesar 17 <<-salad cjbx jc vdwwjar jc xi jc jd salad

I have just uploaded a new version of the 2.0.2b .lrp: http://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp ftp://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp This version already includes the normal LEAF changes that are present in the shorewall.lrp distributed with Bering and Bering-uClibc. Thanks to K.-P. Kirchdörfer, future versions of the .lrp will

Hi I have a problem with Shorewall on my two-interface connection. I run Debian unstable. The setup looks like this: Internet -------- router ------- server 213.237.12.137 192.168.1.3 192.168.1.2 192.168.0.7 --- local net 192.168.0.{...} I can ping the server from the local net, and the local net from the

My company has been living off of a relatively slow DSL connection for the last few months. We still need this connection for the static IP''s, but have recently added a cable subscription to bump up the speed (we''re too far from the CO to increase our DSL speed). I''ve been messing with shorewall for awhile, but can''t for the life of me figure out how to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iptables=save is producing bad output for rules involving policy match. I''ve checked in a version of /sbin/shorewall to the Shorewall2/ CVS project that compensates for this bug. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

Hi, I plug my laptop in different networks and use the following hack to configure automatically shorewall for trusted/untrusted networks: In /etc/shorewall/params: # none is a dummy zone associated to the loopback interface NONE="none:0.0.0.0" # Network scheme, automatically detected by intuitively NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)" case

Hello, I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2 interface quickstart guide I download the 2.0.1 interface sample and untar it. "tar -zxvf two-interfaces.tgz" Maybe a dumb question but I can''t find anything on Google or the Shorewall mail archives that say anything about this. So I''m assuming its me. :P But the

I have attached the present system setup as requested. This is a Mandrake 10.1 system, and the /etc/shorewall files excerpted are exactly those setup when I requested the firewall with connectivity for web, dns, ssh and mail servers along with bittorrent services. However, on a restart, shorewall informed me that eth2:10 was invalid. I therefore manually removed all the aliased subsets for eth2

----- Original Message ----- From: "Jerry Vonau" <jvonau@shaw.ca> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Thursday, August 19, 2004 08:06 Subject: Re: [Shorewall-users] Two Links and DNAT > > > > Btw, by "shorewall show nat" I just noticed that I was doing snat only > > for packets comming