Displaying 20 results from an estimated 6000 matches similar to: "iptables-save is broken with policy match"
2004 Apr 29
2
iptables-save/iptables-restore
The version of Shorewall currently in CVS (Shorewall2/ project) has been
integrated with iptables-save/iptables-restore. This provides the means
to start and restart shorewall very quickly (mine restarts in under a
second) in the case where you are not changing your configuration.
The release notes are attached.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
2004 Jan 12
0
Shorewall2 -- now running on gateway.shorewall.net
I've gotten the basic code working on my firewall.
So that I can quickly get back online if I screw up, I'm currently calling it
shorewall2. That way if it screws up I can just "shorewall restart".
/sbin/shorewall2 -- command interpreter
/etc/shorewall2/ -- configuration files
/usr/share/shorewall2/ -- shared files
Both Shorewall and Shorewall2 use the
2004 Apr 20
2
Rule-specific Log Prefixes
The current CVS Project Shorewall2/ contains my implementation of this
feature. Thanks go to Xavier for ideas about the design.
Xavier -- please give my code a try and see if it works ok for you.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 May 17
1
Support for inbound traffic from multiple ISPs in CVS
The Shorewall2/ project in CVS contains my initial attempt to establish
correct routing for traffic forwarded from two different ISPs to
internal servers.
From the release notes:
Shorewall 2.3.2 includes support for multiple Internet interfaces to
different ISPs. This feature is enabled by setting the "default"
option for each Internet interface in
2004 Oct 08
2
ipsec policy problem
claas@rootdir.de wrote:
> Hello,
>
>
>
> #--- file: policy ---
> #vpn policies:
> loc vpn ACCEPT info
> fw vpn ACCEPT info
> vpn loc ACCEPT info
> vpn fw ACCEPT info
>
> net
2005 May 03
0
Shorewall 2.3 Thread is opened
I've opened the Shorewall 2.3 thread in the Shorewall2/ CVS project.
The config files all show version 2.4 -- that saves me having to edit
each one of them again when I move from 2.3->2.4.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2005 May 15
0
New Toy in CVS
If you are willing to patch your iptables and kernel to support the ROUTE
target, the code in CVS project Shorewall2/ now supports very flexible
routing. As an example, I run Squid in my DMZ for transparent proxy. Rather
than the complex routing setup described in
http://shorewall.net/Shorewall_Squid_Usage.html, I now use this single entry
in /etc/shorewall/routes to route all HTTP requests from
2004 Nov 26
0
More about Shorewall 2.2.0 Beta 5
If you encounter strange problems with the Beta then either set IPTABLES
(in shorewall.conf) to point to the iptables binary that you normally
use or download and install the '/sbin/shorewall' program from CVS
(Shorewall2/ project).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2005 May 26
3
Updated Shorewall build and publish scripts
Attached please find updated build and publish scripts. They set the
'ulink.target' parameter appropriately when converting docbook->HTML. I
have always hacked my xhtml/params.xsl file to set this parameter; these
updated scripts make that abomination unnecessary.
Paul/Mike: It might be a good idea to add a CVS project for these scripts.
-Tom
--
Tom Eastep \ Nothing is
2004 Jul 30
0
Shorewall 2.1.2 problem with some shells
If you encounter strange problems with 2.1.2 and are using a shell other
than bash, you might try installing the 'functions' file from CVS
Shorewall2/. It corrects a problem that I ran into with 'ash'.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2005 Sep 20
0
Fwd: [PATCH] Another iptables-save buglet
FYI
This bug will prevent 'shorewall restore' from working if you have "!<single
IP address>" in the ORIGINAL DEST column.
-Tom
---------- Forwarded Message ----------
Subject: [PATCH] Another iptables-save buglet
Date: Wednesday 14 September 2005 15:09
From: Tom Eastep <teastep@shorewall.net>
To: netfilter-devel@lists.netfilter.org
The conntrack
2004 Aug 24
3
iptables-1.2.9 RPM
I've built a 1.2.9 iptables RPM that corrects the two iptables-save
problems that I know about. It is available at:
http://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm
ftp://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm
I'm using this on SuSe 9.1 -- for other distros, YMMV...
This RPM works
2005 Mar 15
2
New feature for Shorewall 2.2.3
The following is taken from the Release notes for 2.2.3 (which will be
released in a month or so).
2) There has been ongoing confusion about how the
/etc/shorewall/routestopped file works. People understand how it
works with the 'shorewall stop' command but when they read that
'shorewall restart' is logically equivalent to 'shorewall
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 May 03
0
Re: Shorewall router behind Shorewall fire
Dear Tom,
Many thanks for the quick answer.
It's working.
I made a mistake on shorewall2 here, I wrote "wifi" zone to "eth0"
/etc/shorewall/interfaces:
net eth0 192.168.2.255 <----------
lan2 eth1 192.168.3.255
lan3 eth2 192.168.4.255
and didn't keep in mind the order in the zone file.
Thanks Tom
Psw
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2005 Jun 06
1
iptables bug results in confusion
The current thread on the User's List entitled "Multi-ISP in 2.4.0" includes
the following tcrules file:
##############################################################################
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST
# PORT(S)
201:P eth2 ppp1
2002 Aug 14
0
iptables 1.2.7 and MULTIPORT=Yes
The 1.2.7 release of iptables has made an incompatible change in the
syntax used to specify multiport matches. As a consequence, users
upgrading to iptables 1.2.7 must set MULTIPORT=No in
/etc/shorewall/shorewall.conf.
I'll have an updated firewall script available in the next day or two.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \
2004 Jun 16
0
[ANNOUNCE] Release of iptables-1.2.10
Hi!
The netfilter coreteam proudly presents:
iptables version 1.2.10
1.2.10 is (like most other 1.2.x releases) a maintenance release,