Displaying 20 results from an estimated 8000 matches similar to: "Shorewall Release Model"
2003 Jul 16
6
HOWTO: Temporary dynamic blocking with Shorewall and Portsentry
Hi, all:
This is just a note and suggestion, not a question; but I really like this
system and thought it might be useful to others so I decided to share. Hope
it helps someone, and comments or suggestions are always welcome.
1. Overview: Shorewall accepts traffic on ports that I consider
"hostile" (i.e. ports on which I would NEVER expect to see connections) and
redirects
2003 Aug 23
2
Warning of upcoming removal of 'logunclean' and 'dropunclean' interface options.
Harald Welte just announced that the 2.6 Kernels will not support the
'unclean' match extension except via Patch-O-Matic.
Since I have a policy of not supporting Netfilter features that are only
available in P-O-M, I will be removing the 'logunclean' and 'dropunclean'
interface options from Shorewall.
In 1.4.7, a warning will be issued if
2004 Jun 28
6
URGENT: Shorewall Security Vulnerability
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users.
For 2.0
2003 Nov 02
6
Shorewall CA Certificate
If any of you have been so bold as to install the Shorewall CA
Certificate in your browser(s), the current certificate will expire on
11/13. There is a new 10-year certificate available for installation at:
http://lists.shorewall.net/Shorewall_CA_html.html
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2003 Aug 19
7
[Fwd: Re: Shorewall 1.4.6: common chain rules are applied before policyrules?]
Thank you for your support.
The next question: Is there a kind of common chain applied before
ACCEPT policy? I want to DROP or REJECT Netbios traffic on most
interfaces but do not want to repeat those rules in the rules file.
Thanks,
Boi
-----Forwarded message-----
> From: Tom Eastep <tmeastep@hotmail.com>
> To: Le.Hong.Boi@sg.netnam.vn
> Subject: Re: Shorewall 1.4.6: common
2003 Oct 21
14
Prioritizing traffic
I don't know whether this is the right place to ask, but kindly point me to
an FM that I can R if it isn't.
My wife is creating lots of Kazaa traffic, and I am using rsync to create a
full mirror of Red Hat's FTP site, Aurora Linux FTP site, the LDP site, and
some other stuff. Clearly, when one is moving well over 100GB over a 128
Kbps link, this is going to take a
2002 May 13
3
RE: [Shorewall-users] SMTP outbound problem (fwd)
I think we should add an FAQ entry for tcp_ecn.
I remember Tom giving a good description in one of his many responses
and there is mention of it in the pptp page, but I could not find the
response from Tom about different tcp stacks.
Thanks,
--
Steve Herber herber@thing.com work: 206-261-0307
Systems Engineer, AMCIS, UoW home: 425-454-2399
---------- Forwarded message ----------
Date: Sat,
2005 May 27
10
Help wanted notices
Hi folks,
I've added a couple of 'help wanted' ads to our SourceForge project.
You can see them at
http://sourceforge.net/people/?group_id=22587
I'll add more as I have the opportunity. If you can think of other jobs
we need to assign, please let me know.
--
Paul
<http://paulgear.webhop.net>
--
Did you know? Using accepted quoting conventions makes
2005 May 24
4
Programming Languages?
Greetings,
What programming languages besides shell scripting are used in shorewall?
What knowledge is needed to help in shorewall development? I figure iptables is a good
bet but is there anything else as well?
Thank you for your time.
Regards,
Jason
2002 Dec 07
6
More speedups in CVS
The 'firewall' and 'functions' file in CVS together produce a 30%+ speedup
of 'shorewall restart' on my firewall when compared to 1.3.11a.
Please test with these files -- I don't anticipate making any more
performance changes for 1.3.12 and I want to be sure that I didn't break
anything.
-Tom
--
Tom Eastep \ Shorewall
2005 May 23
17
What is going on now?
Hi,
I read the news about Tom Steps quit. I use shorewall for some days now
and as many people I like it very much. I asked Tom in a personal mail,
what could be done to continue the project and he told me I had to
subscribe to this list.
My ideas were:
a) Mirroring the site
b) I would like to study the code and help
c) I am studying computer science and I could ask some teachers and
friends
2003 Mar 08
1
Shorewall suggestions
Just a note to mention that I have been using the RC1 release at work
for a simple one interface firewall. No problems that I have seen.
We use Solaris, AIX, Tru64, and Linux in my group at the U of W.
I know some IP filter package is available on Solaris and Tru64. On the
Tru64 system you can configure an interface with a list of cidr notation
subnets to accept or deny access. I reformatted
2003 Mar 23
5
Shorewall 1.4.1a
Rather than have lots of folks downloading a version with a broken 'check'
command, I've released 1.4.1a that corrects the problem.
Sorry for the back-to-back releases today...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
2003 Jul 25
16
"shorewall stop"
Although Shorewall provides safeguards against it, people seem to
regularly shoot themselves in the foot when doing remote system
administration. I've been thinking about this problem and wonder if a
change to the way that "shorewall stop" behaves might help.
Today, "shorewall stop" stops all traffic except to/from those
destinations listed in
2004 Feb 11
4
Shorewall, ipp2p and ipt_CONNTRACK
Hi!
Taking into consideration the great speed with which the use of P2P
filesharing systems is expanding, is there any plan of including ipp2p
and ipt_CONNTRACK support into shorewall? I'm sure that many admins
managing gateways would be very happy about it...
Thanx,
--
Mario R. Pizzolanti <mario@zavood.ee>
Zavood OÜ
2003 Aug 06
3
New in CVS
The generic tunnel support that I posted about yesterday has been
updated:
a) A bug that caused [re]start errors has been corrected.
b) A list of zones may now be included in the third column of
/etc/shorewall/tunnels; the semantics are the same as for ipsec tunnels.
In addition, the ADDRESS column in /etc/shorewall/masq may now contain a
comma-separated list of IP ranges/addresses. This enables
2004 Jan 20
6
[PATCH] Marking packets according to user in tcrules
Hi,
First of all, thanks to all shorewall developers. Shorewall is really
great.
Here is a patch to add the following feature :
This patch allows you to mark packets according to the user name under
which the program generating output is running.
To do so, the patch will allow you to write rules in the tcrules file
looking like that :
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
#
2008 Dec 31
5
"ERROR: Unknown host - any host" My configuration suddenly don't work, why?
Hi, I have been using shorewall for 3 months, and shorewall was working
well, but I don't know why, when I type "shorewall start" or "shorewall
restart", it says that.
I have two files of rules:
The first:
DNS/ACCEPT net:208.67.222.222,208.67.220.220
The second:
DNS/ACCEPT net:208.67.222.222,208.67.220.220
HTTP/ACCEPT net:www.google.com,mail.google.com,...
2003 Feb 21
2
Shorewall 1.4 will require the iproute package
Subject says it all...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
2003 Aug 20
1
Redesigned Accounting
The current CVS version (/Shorewall project) contains a redesigned IP
accounting facility. The new facility is:
a) Much simpler. :-)
b) More flexible. :-)
c) Compatible with bw-acct. :-)
c) Incompatible with the previous implementation :-(
There's a new Accounting Page available at:
http://shorewall.net/AccountingNew.html
On top of Snapshot 20030813:
a) Move the