similar to: What is going on now?

Although Shorewall provides safeguards against it, people seem to regularly shoot themselves in the foot when doing remote system administration. I''ve been thinking about this problem and wonder if a change to the way that "shorewall stop" behaves might help. Today, "shorewall stop" stops all traffic except to/from those destinations listed in

Greetings, What programming languages besides shell scripting are used in shorewall? What knowledge is needed to help in shorewall development? I figure iptables is a goood bet but is there anything else as well? Thank you for your time. Regards, Jason

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?

Hi, First of all, thanks to all shorewall developers. Shorewall is really great. Here is a patch to add the following feature : This patch allows you to mark packets according to the user name under which the program generating output is running. To do so, the patch will allow you to write rules in the tcrules file looking like that : #MARK SOURCE DEST PROTO PORT(S) CLIENT USER #

The current Shorewall release model has the following characteristics: a) The last two major releases are supported. b) Only the latest major release is actively developed. c) Bug fixes are available for the prior major release but only against the last minor release. d) The last major release is advertised as the "Current Release". I''m thinking of switching to a model that

As 2.2.0 is nearing release, I''ve begun to think about what I''ll do for 2.3 and I think that it is time for Shorewall to add support for IPV6. Because of parsing ambiguities, the need to maintain upward compatibility with both Shorewall and 6Wall, and different available functionality in IPV4 and IPV6 Netfilter, I believe that it is going to be necessary for some files to be

Hiya, > Ok with me -- if I get too frustrated with DocBook, I''ll just start > editing the HTML again. > > -Tom > Well the fact that VIM is supported by Docbook is a plus .. But I still think the Wiki idea is well .. Lets get the doc at a CVS and Docbook stage .. Walking before running .. plz plz .. Francesca PS: I have thrown Windoze out the Window here (Pardon The

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, I''d like to know how to set up shorewall to deny a user-defined action in a time-based basis, for example, I have a group of users using MSN, AOL, www and https, in a defined action called action.BasicAccess now, I want this access to be enabled only on lunch time from Monday through Friday and weekends from noon to 6pm... I know

The Shorewall support page advocates including the output of "shorewall status" with problem reports that involve some sort of connection problem. I suspect that the number of people who feel comfortable analyzing problems through use this output is small. To help, I''ve created http://shorewall.net/AnalyzingShorewallStatus.html I suspect that the document isn''t

Hello, I have the go ahead to fix documentation. For starters I will clean all extraneous crap from the markup. Then fix any errors and typos. If anyone sees any gramatical errors or typos or needed clarifications or expansions or whatever, please post them here. Or additional FAQ entries, etc, all will be considered. I hope to keep most of this conversation on the shorewall-devel list. Any

Hy, sorry for my poor english i think i''m having a very unusual problem and very dificult to track, but i''ll try to explain it as best as i can. here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0 ) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my

Hi folks, I''ve added a couple of ''help wanted'' ads to our SourceForge project. You can see them at http://sourceforge.net/people/?group_id=22587 I''ll add more as i have the opportunity. If you can think of other jobs we need to assign, please let me know. -- Paul <http://paulgear.webhop.net> -- Did you know? Using accepted quoting conventions makes

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

Okay, no one had any idea concerning my Radmin question, which I still haven''t figured out. However, I am now trying to figure out an FXP problem. All of the needed details are listed below the description problem. Problem: I have a local windows XP pro computer running FlashFXP behind shorewall 2.0.9 (unpatched) with only two interfaces (ppp0 and eth1) as loc:192.168.1.5. The server

I just installed Fedora Core 3 uname -r 2.6.9-1.667 I got the latest shorewall''s rpm: http://www.shorewall.net/pub/shorewall/2.2/shorewall-2.2.0/shorewall-2.2.0-1 .noarch.rpm Made my changes Attempted to run shorewall and got: [root@demo shorewall]# shorewall start ERROR: Can''t find iptables executable I haven''t seen this before. I tried to go through all the

Having moved from a "cascading LANs" configuration to two independent LANs on eth0 and eth1, I still get some "state INVALID" for which I am not sure what the cause is. Can somebody help me understand its probable origin? Thanks, Costantino [see attachment]

Tom, I am NOT subscribed (yet). I dropped SuSeFirewall2 in favor of shorewall to get past the configuration hurdles I as experiencing. At the moment, when my SuSe 9.1 starts up, I can see shorewall processing the rules, policies, etc. and I see no errors and then moves on with the rest of the SuSe boot process . However, no traffic passes through using the rules. I run an iptables -L and I

Having study a number of documents on linux traffic shaper, I started to setup my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listen for port 21 and configured

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Subject says it all... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net