similar to: Debian Package Behavior Suggestion

hi, while stopping shorewall 4.5.21.2 on a debian7 box with the ADMINISABSENTMINDED set to no in shorewall.conf, the connections on vlan tagged interfaces that were active before the shorewall stop command was executed are not terminated as it is for the firewall and other interfaces! when the firewall is stopped as expected new connections on vlan tagged interface are refused but even

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

Hello. I'm getting trouble with the ADMINISABSENTMINDED option, it doesn't seem to work as stated in the manual. When using the default ADMINISABSENTMINDED=Yes and no routestopped file, here are the firewall state after executing shorewall stop : Chain INPUT (policy DROP 473 packets, 106K bytes) pkts bytes target prot opt in out source destination

Lorenzo Martignoni at Univesita` degli Studi di Milano in Milan has established a mirror of the Shorewall web site. http://italy.shorewall.net http://cert-it.dico.unimi.it/shorewall Thanks Lorenzo! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hi all, is it possible configure Shorewall in bridge mode and, in the same box, utilize Squid in transparent mode? I''m triing to do this, but the REDIRECT rule doesn''t work. I''ve already read http://www.shorewall.net/bridge.html to configure the bridge and work fine for me, but when I add the rule for transparent proxy

Hello, the debian package for shorewall-1.4.4 is ready. It''s available at http://idea.sec.dico.unimi.it/~lorenzo/debian/shorewall/ -- lorenzo

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

Shorewall 1.4.7 is now available at: http://shorewall.net/pub/shorewall/shorewall-1.4.7 ftp://shorewall.net/pub/shorewall/shorewall-1.4.7 It will be available at your favorite mirror shortly. The release notes are attached. As always, many thanks go to Francesca Smith for updating the sample configurations for this release. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently

Hi, i have been using shorewall for 3 months, and shorewall was working well, but i don''t know why, when I type "shorewall start" o "shorewall restart", it says that. I have two files of rules: The first: DNS/ACCEPT net:208.67.222.222,208.67.220.220 The second: DNS/ACCEPT net:208.67.222.222,208.67.220.220 HTTP/ACCEPT net:www.google.com,mail.google.com,...

------------ Forwarded Message ------------ Date: Tuesday, January 28, 2003 10:19 AM +0100 From: Lorenzo Martignoni To: Tom Eastep Subject: shorewall 1.3.13-3 I built a new debian version for shorewall-1.3.13: shorewall (1.3.13-3) unstable; urgency=high * fixed a bug in shorewall.conf: SHARED_DIR was pointing to the old location of shorewall scripts, now moved to

Dear All, I think I have a useful idea for how shorewall startup could be speeded up in a more automatic manner. Apologies if this is daft, but I think it might work.... Motivation: not all users understand the intricacies of shoreall beyond using the distro setup tool. [And on this particular laptop, shorewall takes 15 seconds during boot.] I have already read this (about shorewall

I build the debian package for the latest version. Changes: shorewall (1.3.14beta2-1) unstable; urgency=low . * new beta release * added a warning message in the preinst script to inform users about the new way to handle ICMP. Files: 1848d430cab647c2e242890baf0367a2 774 net optional shorewall_1.3.14beta2-1.dsc 7577fc8de223fbab0609b3d664e4eee7 1611986 net optional

Hi R users, I need to draw a map of select European countries with country names shown on the map. Does anyone know how to do this in R? Also, is it possible to draw a historical map of European countries using R? Thanks a lot for your help. Maomao [[alternative HTML version deleted]]

Lorenzo Marignoni reports that: o Shorewall 1.2.10 is in the Debian Testing Branch o Shorewall 1.2.11 is in the Debian Unstable Branch Thanks, Lorenzo! -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Dear helpeRs, I'm working with the map-package and came upon a problem which I couldn't solve. I hope onee of you can. If not, this can be seen as a suggestion for new versions of the package. I'm trying to create a map of some European countries, filled with colors corresponding to some values. Let's say I have the following countries and I assign the following colors

On 02/10/2018 18:46, Larry Martell wrote: > I got 2 years of work solving the year 2000 issue. I don't think I've ever said this but I am very envious of all these people who had loads of work due to Y2K or were paid obscene amounts of money to tend systems over new year's eve/day. I was working for an ISP at the time and got none of this. Nothing happened. I don't even recall

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH