similar to: New feature for Shorewall 2.2.3

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 Problems Corrected: 1) If a zone is defined in /etc/shorewall/hosts using <interface>:!<network> in the HOSTS column then startup errors occur on "shorewall [re]start". 2) Previously, if "shorewall status" was run on a system whose kernel lacked

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

I believe that 2.4.0 is about ready to be sent out the door. I''ve made a couple of small changes since RC2 but I don''t believe that they warrant another RC. There remains the issue of what to do about support for Shorewall 2.0 given that 2.2 has only been available since March. It would be my recommendation to make 2.4 the new "stable" release but continue to

Although Shorewall provides safeguards against it, people seem to regularly shoot themselves in the foot when doing remote system administration. I''ve been thinking about this problem and wonder if a change to the way that "shorewall stop" behaves might help. Today, "shorewall stop" stops all traffic except to/from those destinations listed in

hi, i installed and configured the shorewall-2.0.9 for standalone user interface in fc2,then removed the stop ,stopped and the routestopped files from the /etc/shorewall directory,and run the ''shorewall start'' command,at boot time the messages showing that it is not started,this is the /var/log/messages output fore shorewall: Jan 3 04:13:27 localhost netfs: Mounting other

The first release candidate is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta The only change between Beta 1 and RC1 is that the ''check'' command is back in RC1. Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4

I am currently using shorewall on leaf-bering. I have set it up with keepalived to create a high availabilty firewall cluster. I have an odd question in regards to shorewall. Currently in production I have keepalived controlling shorewall starts and stops. If I remove this and leave shorewall running on the backup firewall, will I run into any problems with having the nat tables built out and

Hi I have recently reconfigured my system to a Bridge based architecture on the basis that I have an ADSL Modem/Router with a Public address on the Wan side and a Private address on the Lan side. I am running a Debian based system kernel 2.6.7 and the Bridging software is installed and working correctly, including startup etc. The problem that I have is in "shorewall start" The

Hi all, I have just started using shorewall. So far so good. I have two questions which I cant find an answer to either on the website or googling. They may be stupid so please forgive my ignorance. 1) What is shorewalls preferred operating status, running or stopped? What I mean is, some firewalls start-up and run, and they do their thing, then they stop. But the firewall is still really

Hi! how can I mark ack packets with shorewall 2.x? (In 1.x I have done it with own rule in common file) TiA CU

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

Hello, I believe there may be a bug in shorewall version 2.0.8. I''ve been using shorewall for years without problems (last installed version was 1.4.6b-1). I''ve posted previously with the subject line "After upgrade people can no longer connect" dated on Sunday, September 19, 2004 which contains all the information for the upgrade. Today I uninstalled shorewall

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

Hi! I am looking for suggestions how I can add rules (or change the configuration otherwise) without interrupting of services. Right now, when I need to do a ''shorewall restart'' all services are not available during this time. I tried playing with the ''routestopped'' parameter but without success. How do you get around this? Thanks in advance, Christian

Hi all, I''m working on a patch for shorewall to make it run with a Crossbeam X40 machine (www.crossbeamsystems.com) and I would like to know where to send it, is this list the correct location?. The patch is necesary because of Crossbeam X series running mode: when you make a shorewall start, restart or clear, there are a packet dropping until shorewall is Started or cleaned. At