similar to: Behavior of SAVE_IPSETS

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to

This is the latest development release and may be found at: http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.1 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.1 This release changes the way that SAVE_IPSETS=Yes works to try to make it harder to shoot yourself in the foot. Read the release notes carefully. In addition, there are two problems corrected: 1) A typo in the

I''ve also placed the patch in: http://shorewall.net/pub/shorewall/contrib/ipset/ ftp://shorewall.net/pub/shorewall/contrib/ipset/ -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and

Adam Chapman wrote: > > If I can show that the problem exists from the shorewall startup script > are you interested in the problem then? > I have replied to Adam off-list about this but let me say publicly that I don''t believe that this can be solved in the init scripts in any general way. Adam says: > I''d like to not have to rely on a domain name to get

Sorry for the back-to-back releases but there have been quite a few bugs found in 3.0.0 so it seems like a good idea to make 3.0.1 available now. Problems Corrected in 3.0.1 1) If the previous firewall configuration included a policy other than ACCEPT in the nat, mangle or raw tables then Shorewall would not set the policy to ACCEPT. This could result in a ruleset that rejected or

Shorewall 4.3.7 is available for testing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 7 ---------------------------------------------------------------------------- 1) Klemens Rutz reported a problem that affects all Shorewall-perl 4.2 and 4.3 versions. The problem: a) Only occurs when

This will be the final 2.3 release. It makes available multiple-ISP support. There is one external change to the version that has been in CVS for the last couple of days -- the ''default'' provider option has been named ''balance'' to better describe what the option does (load balancing). Please see http://shorewall.net/Shorewall_and_Routing.html for more

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7 Problems Corrected: 1. The "shorewall add" and "shorewall delete" commands now work in a bridged environment. The syntax is: shorewall add <interface>[:<port>]:<address> <zone>

This update will be of interest to you if you use dynamic zones or if you have an /etc/shorewall/start file and use the ''save'' command. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.12 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.12 Problems Corrected: 1. A typo in shorewall.conf (NETNOTSYN) has been corrected. 2. The "shorewall add" and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2. If A is a user-defined action and you have file /etc/shorewall/A

Robin Lynn Frank wrote: > > My question is why is the rule successful only until the shorewall box > is rebooted? When you re-boot, Shorewall is started with the "-f" (fast) option. This means that if there is a restore file generated by a "shorewall save" command (as given by the RESTOREFILE setting in shorewall.conf) then Shorewall is restored from that file

Shorewall 4.4.19.4 is now available. Problems corrected in this update: 1) Previously, the compiler would allow a degenerate entry (only the BAND specified) in /etc/shorewall/tcpri. Such an entry now raises a compilation error. 2) Previously, it was possible to specify tcfilters and tcrules that classified traffic with the class-id of a non-leaf HFSC class. Such classes are

The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \