Displaying 20 results from an estimated 60000 matches similar to: "[PATCHES] Two QUEUE policy patches"
2002 Dec 28
2
HTML Posts -- Take 2
I had expected to be out of town this weekend so when I plans suddenly
changed, I responded to a nudge from a list member and investigated means
for stripping html from list posts. It turns out that MailMan 2.1 has this
capability and since I run MailMan for my list server, that seemed like a
good fit.
After a couple false starts trying to upgrade, I think that I have it
running.
One thing
2005 Jun 04
3
[Fwd: [shorewall-coding] Shorewall2 functions, 1.39, 1.40]
Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050604/bee263f3/signature.bin
2004 Oct 14
1
shorewall-2.1.11 / iptables -N net_frwd iptables: Chain already exists
Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20041014/45aef157/attachment-0001.bin
2004 Oct 08
2
ipsec policy problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello,
>
>
>
> #--- file: policy ---
> #vpn policies:
> loc vpn ACCEPT info
> fw vpn ACCEPT info
> vpn loc ACCEPT info
> vpn fw ACCEPT info
>
> net
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy
match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2007 Apr 10
2
policy routing with two shorewalls
I have, for the time being, decided to split my dual ISP/single
shorewall connection into two shorewall connections/boxes, each handling
one ISP.
I am running OSPF in the network and so far things are working out
fairly well (from a client of the two gateways).
$ ip route ls
10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20
192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric
2005 Jan 30
11
Poor ipsec performance with policy match
Hello !
I have a performance issue with Kernel 2.6.X and policy match support as
suggested in http://shorewall.net/IPSEC-2.6.html. My IPSEC performance
doesn''t exeed about 30kbyte/sec even if my downlink is 1024kbit/sec and
should reach more than 100kbyte/sec.
No, its not the cpu''s performance (AMD Barton 2500+) and no it''s not the
gateway (CELERON 600 Mhz) on the
2007 Jun 18
3
ip_tables: policy match: invalid size 308 != 116
when i start or restart syslog-ng, i''ve above message.
Can this be a shorewall or iptables synchro ?
mess-mate
--
April 1
This is the day upon which we are reminded of what we are on the other three
hundred and sixty-four.
-- Mark Twain, "Pudd''nhead Wilson''s Calendar"
2006 Apr 22
6
bridge firewall with two nets
Hi
I would like to use shorewall for my bridge firewall.
I just read the howto http://www.shorewall.net/bridge.html
But in this howto there are only one net behind the bridge and have
two nets behind my bridge.
Can I use shorewall with two nets behind the bridge.
Thanks in advance.
roberto
--
Ing. Roberto Pereyra
ContenidosOnline
Servidores BSD, Solaris y Linux
Soporte técnico ISPs
2003 Jan 21
4
Two diferent LAN''s...
Hi,
I''ve got a question about how to configure the shorewall, and maybe
someone could answer.
I have a PC with 3 ethernet. The eth0 connets to internet. The eth1
connects to LAN A, and the eth2 connects to LAN B. I''ve configured
the shorewall for doing NAT, and both LANs can navigate, but it seems
that from a LAN A host you can connect to a PC of LAN B, and the
other way
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at:
http://shorewall.net/pub/shorewall/contrib/IPSEC
ftp://shorewall.net/pub/shorewall/contrib/IPSEC
I found these patches on the netfilter-devel list and make no warranties
as to how well they work (or not).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2004 Nov 07
3
Zone to same zone policy
Are there any scenarios that require traffic from a zone to itself to be
blocked? If not, Shorewall should possibly allow it as a matter of course.
It seems strange having to explicitly create such a policy & it''s not
immediately obvious when it is required.
--
Taso Hatzi
caesar 17 <<-salad
cjbx jc vdwwjar jc xi jc jd
salad
2004 May 18
0
New 2.0.2b .lrp and new .lrp policy
I have just uploaded a new version of the 2.0.2b .lrp:
http://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp
ftp://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp
This version already includes the normal LEAF changes that are present
in the shorewall.lrp distributed with Bering and Bering-uClibc.
Thanks to K.-P. Kirchdörfer, future versions of the .lrp will
2004 Dec 15
3
Newbie: Problem with two-interface setup
Hi
I have a problem with Shorewall on my two-interface connection. I run
Debian unstable. The setup looks like this:
Internet -------- router ------- server
213.237.12.137 192.168.1.3 192.168.1.2
192.168.0.7 --- local net
192.168.0.{...}
I can ping the server from the local net, and the local net from the
2005 Feb 07
5
shorewall with two internets
My company has been living off of a relatively slow DSL connection for
the last few months. We still need this connection for the static IP''s,
but have recently added a cable subscription to bump up the speed (we''re
too far from the CO to increase our DSL speed).
I''ve been messing with shorewall for awhile, but can''t for the life of
me figure out how to
2004 Aug 18
0
iptables-save is broken with policy match
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iptables=save is producing bad output for rules involving policy match.
I''ve checked in a version of /sbin/shorewall to the Shorewall2/ CVS
project that compensates for this bug.
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2005 Apr 16
6
wishlist: ''none'' as source address in rules
Hi,
I plug my laptop in different networks and use the following hack to
configure automatically shorewall for trusted/untrusted networks:
In /etc/shorewall/params:
# none is a dummy zone associated to the loopback interface
NONE="none:0.0.0.0"
# Network scheme, automatically detected by intuitively
NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)"
case
2005 Mar 01
5
[Not Subcribed] Two-Interface sample file version - 2.0.1
Hello,
I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2
interface quickstart guide I download the 2.0.1 interface sample and untar
it.
"tar -zxvf two-interfaces.tgz"
Maybe a dumb question but I can''t find anything on Google or the Shorewall
mail archives that say anything about this. So I''m assuming its me. :P
But the
2004 Jul 07
2
Correctly establishing for two ethernet connections plus a lan
I have attached the present system setup as requested.
This is a Mandrake 10.1 system, and the /etc/shorewall files excerpted
are exactly those setup when I requested the firewall with connectivity
for web, dns, ssh and mail servers along with bittorrent services.
However, on a restart, shorewall informed me that eth2:10 was invalid. I
therefore manually removed all the aliased subsets for eth2
2004 Aug 19
6
Re: Two Links and DNAT
----- Original Message -----
From: "Jerry Vonau" <jvonau@shaw.ca>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Thursday, August 19, 2004 08:06
Subject: Re: [Shorewall-users] Two Links and DNAT
>
>
> > Btw, by "shorewall show nat" I just noticed that I was doing snat only
> > for packets comming