similar to: Rule-specific Log Prefixes

The Shorewall2/ project in CVS contains my initial attempt to establish correct routing for traffic forwarded from two different ISPs to internal servers. >From the release notes: Shorewall 2.3.2 includes support for multiple Internet interfaces to different ISPs. This feature is enabled by setting the "default" option for each Internet interface in

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

I''ve gotten the basic code working on my firewall. So that I can quickly get back online if I screw up, I''m currently calling it shorewall2. That way if it screws up I can just "shorewall restart". /sbin/shorewall2 -- command interpreter /etc/shorewall2/ -- configuration files /usr/share/shorewall2/ -- shared files Both Shorewall and Shorewall2 use the

The version of Shorewall currently in CVS (Shorewall2/ project) has been integrated with iptables-save/iptables-restore. This provides the means to start and restart shorewall very quickly (mine restarts in under a second) in the case where you are not changing your configuration. The release notes are attached. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

I''ve opened the Shorewall 2.3 thread in the Shorewall2/ CVS project. The config files all show version 2.4 -- that saves me having to edit each one of them again when I move from 2.3->2.4. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iptables=save is producing bad output for rules involving policy match. I''ve checked in a version of /sbin/shorewall to the Shorewall2/ CVS project that compensates for this bug. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

If you are willing to patch your iptables and kernel to support the ROUTE target, the code in CVS project Shorewall2/ now supports very flexible routing. As an example, I run Squid in my DMZ for transparent proxy. Rather than the complex routing setup described in http://shorewall.net/Shorewall_Squid_Usage.html, I now use this single entry in /etc/shorewall/routes to route all HTTP requests from

If you encounter strange problems with the Beta then either set IPTABLES (in shorewall.conf) to point to the iptables binary that you normally use or download and install the ''/sbin/shorewall'' program from CVS (Shorewall2/ project). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

If you encounter strange problems with 2.1.2 and are using a shell other than bash, you might try installing the ''functions'' file from CVS Shorewall2/. It corrects a problem that I ran into with ''ash''. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Robin Lynn Frank wrote: > > My question is why is the rule successful only until the shorewall box > is rebooted? When you re-boot, Shorewall is started with the "-f" (fast) option. This means that if there is a restore file generated by a "shorewall save" command (as given by the RESTOREFILE setting in shorewall.conf) then Shorewall is restored from that file

Attached please find updated build and publish scripts. They set the ''ulink.target'' parameter appropriately when converting docbook->HTML. I have always hacked my xhtml/params.xsl file to set this parameter; these updated scripts make that abomination unnecessary. Paul/Mike: It might be a good idea to add a CVS project for these scripts. -Tom -- Tom Eastep \ Nothing is

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

In policy $FW Net ACCEPT Dump.rar join THX -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > >

Simon Mater has graciously volunteered to provide RPMs taylored for Redhat and Fedora. You can download Simon''s RPMs from http://www.invoca.ch/pub/packages/shorewall/ Thanks, Simon! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Simon Matter has graciously volunteered to provide RPMs taylored for Redhat and Fedora. You can download Simon''s RPMs from http://www.invoca.ch/pub/packages/shorewall/ Thanks, Simon! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

I found that in my kernel config : # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set # CONFIG_NET_IPGRE is not set But no CONFIG_IP_ROUTE_MULTIPATH_CACHED. -----Message