Displaying 20 results from an estimated 40000 matches similar to: "[PATCH] Configurable variable for iptables executable"
2004 Aug 24
8
[PATCH] Support for accounting based on uid/gid
Hi,
I noticed shorewall's accounting feature didn't support the owner
module of iptables. Well, I needed the feature so here's a patch that
makes it possible. However, there's one thing you might review
carefully as I wasn't sure what's the best way to work around it. You
must use chain OUTPUT in order to make -m owner work (iptables
2004 Nov 27
2
Shorewall 2.2.0 Beta 6
Ok -- I'm wearing the brown bag tonight (I've airmailed one to Tuomas as
well :-) ).
The IPTABLES patch had some problems when IPTABLES was not set
in /etc/shorewall/shorewall.conf. Beta 6 fixes those (I hope) and also
corrects a rather obscure problem with "shorewall add" when the "mss"
option appears in /etc/shorewall/ipsec.
-Tom
--
Tom Eastep \
2003 Apr 01
9
ping
I'm new to Shorewall but have read the docs including the ping section of the FAQ
but I can't seem to get the fw to respond to pings....
my policies are ...
loc net ACCEPT info
net fw ACCEPT info
loc loc ACCEPT info
fw net ACCEPT info
net all DROP
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I've uploaded Beta 4. It corrects a bad bug involving exclusion in the
hosts file. In addition, it contains the first release of a new
Bridge/firewall implementation that uses the reduced-function physdev
match found in kernel 3.6.20 and 3.6.21.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2004 Nov 30
5
Problem with 2.4.28 kernel config
I just recompiled a plain vanilla 2.4.28 kernel, and used the Shorewall.net
kernel config as a guideline. For some reason, I get this:
Nov 30 12:05:34 fw shorewall: Shorewall has detected the following
iptables/netfilter capabilities:
Nov 30 12:05:34 fw shorewall: NAT: Available
Nov 30 12:05:34 fw shorewall: Packet Mangling: Available
Nov 30 12:05:34 fw shorewall: Multi-port Match:
2003 Jan 21
14
Emule + Shorewall
Hi,
I've installed Emule (p2p program) on my client box but I can't access
the servers due to the firewall.
I'm getting these blocking errors:
Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0
SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57
ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0
My rules file
2003 Feb 25
6
NFS config problem
Hello,
First let me say how much I appreciate Shorewall. I just downloaded shorewall-1.3.14.tgz, built and installed it without error, and had it working with only minimal fiddling with the config files.
I'm having trouble getting NFS to work with Shorewall. I followed the info on the "Ports required for Various Services/ Applications" page but I couldn't get it to
2004 Dec 05
28
state INVALID
Having moved from a "cascading LANs" configuration to two independent LANs
on eth0 and eth1, I still get some "state INVALID" for which I am not sure
what the cause is. Can somebody help me understand its probable origin?
Thanks,
Costantino
[see attachment]
2004 Sep 30
12
Block domains with Shorewall
Hi,
like implementing this script with shorewall?
--------------------------------------------
#!/bin/sh
dig ads.web.aol.com | grep "ads." | grep -v \; | grep -v \< | cut -f5 |
while read aolblock1; do
iptables -A OUTPUT -p all --destination $aolblock1 -j DROP
done
---------------------------------------
Thanks,
Aventino Faria
2005 Jan 12
6
multicast NAT
I have a standard 3 interface shorewall setup and I want to receive
multicast stuff from 'net' -> 'loc'. This requires me, first, to do an
IGMP join which involves 192.168.1.x -> 224.0.0.x being NATed out as the
'net' interface's IP address. Obviously replies have to be NATed back to
'loc' addresses.
Can
2005 Feb 13
14
How to allow specific services for machines in LAN behind router?
Hi
I know I still need to learn a lot about firewalls so if I've missed
some doc I should have read don't hesitate to point it out to me.
I have set up shorewall on my desktop and my laptop and everything
appears to be working fine but now I'd like to allow certain services
(like ssh, rsync, unison, http) between these two PCs.
My LAN looks like this:
2002 Aug 20
5
how to limit connections from certain inet subnet the best way?
Hello all,
i am new to shorewall and i already have a question ;)
i am running a mailserver in my dmz (or actually this will be when
everything will be working fine with shorewall) with public ip
addresses.. i have a subnet of 8 ip addresses (255.255.255.248 mask) and
i was planning of the classic 3 nic (eth0-2) setup... the dmz should
work with proxy-arping...
now my question is
2002 Dec 21
6
Passive FTP server
Hello everyone,
I run a Pure-FTP server on my DMZ. I can specify with Pure-ftp what ports
will be used for clients when they connect with passive mode. I entered
50000 50400, so I have enough for 200 users at the same time.
Then the pure-ftp website tells me to open up those ports on the firewall.
How do I do this? In my rules file is now something like:
ACCEPT net dmz:10.0.0.2 tcp
2005 Jan 21
5
Cannot restart shorewall
Hi Tom and other gurus,
I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it.
I got the following error
...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to fw using chain loc2fw
Policy ACCEPT for loc to net
2003 Aug 04
7
Redirect 80 to 3128
Hello Group
I am trying to set up a demo of Squid at my location to a person that has proxy ports blocked on his firewall at his location by having him set his IE Browser
set to use proxy server 64.42.49.235 port 80.
My thinking was to set up a rule in shorewall which redirects port 80 to 3128 as in a local setting. My test server is running rh 7.3, Shorewall 1.3.14 with one interface
2003 Mar 23
5
Shorewall 1.4.1a
Rather than have lots of folks downloading a version with a broken 'check'
command, I've released 1.4.1a that corrects the problem.
Sorry for the back-to-back releases today...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
2004 Dec 18
14
SuSe 9.1 startup issue
Tom,
I am NOT subscribed (yet). I dropped SuSeFirewall2 in favor of
shorewall to get past the configuration hurdles I was experiencing.
At the moment, when my SuSe 9.1 starts up, I can see shorewall processing
the rules, policies, etc. and I see no errors and then moves on with the
rest of the SuSe boot process.
However, no traffic passes through using the rules.
I run an iptables -L and I
2002 Oct 23
23
"basic two-interface" setup problem
Hi,
I installed the shorewall 1.3.8-2 debian package to my debian testing
machine which serves as the gateway to the internet. Since I have two
other machine connect to internet thru this gateway machine, I also
downloaded the configuration guide for "basic two-interface firewall"
and
followed the instructions. When I try to start the shorewall I get the
following message and can not
2003 Jun 20
7
NAT PAT & SNAT
Hi!
I've been searching the net for information about this topic, but I can't
find anything relevant to my problem or I don't understand the answer
completely. Please enlighten me... :-)
I'm trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today
the users behind the Cisco FW are on a NAT-network and in the same network
there are a couple of