Displaying 20 results from an estimated 40000 matches similar to: "iptables-save/iptables-restore"
2004 Aug 24
3
iptables-1.2.9 RPM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I''ve built a 1.2.9 iptables RPM that corrects the two iptables-save
problems that I know about. It is available at:
http://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm
ftp://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm
I''m using this on SuSe 9.1 -- for other distros, YYMV...
This RPM works
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy
match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2004 Apr 20
2
Rule-specific Log Prefixes
The current CVS Project Shorewall2/ contains my implementation of this
feature. Thanks go to Xavier for ideas about the design.
Xavier -- please give my code a try and see if it works ok for you.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Sep 13
17
Problem with openvpn tunnel
Hello,
I have the following situation :
Server with 2 nics
1 nics connected to the internet, 1 connected to the LAN
I have OpenVPN running on the system and the following setting in the
tunnels file :
===================================
openvpn:2000 net 62.58.0.226
openvpn:2001 net 62.58.0.226
openvpn:2002 net 62.58.0.226
===================================
All tunnels ran for weeks
2004 Feb 28
8
Looking for a Volunteer
The 2.6 kernel series includes Netfilter ''physdev'' match support. That support
makes it feasible for Shorewall to support bridge/firewall configurations.
I''m looking for early testers of such support.
Requirements:
a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day
or so) plus private updates.
b) Running a 2.6 kernel or a 2.4 kernel with
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2005 May 17
1
Support for inbound traffic from multiple ISPs in CVS
The Shorewall2/ project in CVS contains my initial attempt to establish
correct routing for traffic forwarded from two different ISPs to
internal servers.
>From the release notes:
Shorewall 2.3.2 includes support for multiple Internet interfaces to
different ISPs. This feature is enabled by setting the "default"
option for each Internet interface in
2005 Mar 15
2
New feature for Shorewall 2.2.3
The following is taken from the Release notes for 2.2.3 (which will be
released in a month or so).
2) There has been ongoing confusion about how the
/etc/shorewall/routestopped file works. People understand how it
works with the ''shorewall stop'' command but when they read that
''shorewall restart'' is logically equivalent to ''shorewall
2004 Oct 17
8
Shorewall and IPP2P
Hi!
I''m wondering whether anyone has successfully set up a bandwidth control
system using ipp2p and shorewall. I have been able to drop connecions
altogether, but I don''t seem to be able to get CONNMARK working with ipp2p.
Any pointers would be greatly appreciated :)
______________________________
Mario R. Pizzolanti
2004 Dec 08
9
Kernel/iptables question
As suggested here:
http://lists.shorewall.net/pipermail/shorewall-users/2004-October/015097.html
I''ve run:
adam@shrike:~$ /sbin/iptables -m policy --help
iptables v1.2.11
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
--snip--
And:
adam@shrike:~$ sudo
2004 Mar 06
16
Bridging Update
The bridging documentation (http://shorewall.net/2.0/bridge.html) has been
expanded and there is a refresh of the bridging code
(ftp://shorewall.net/pub/shorewall/Bridging and
http://shorewall.net/pub/shorewall/Bridging).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Apr 21
4
PAT problem
Hello everybody,
I want to solve the following problem with Shorewall:
I have a computer with one NIC (eth0) with an internal IP address
(10.1.x.x), which is supposed to accept connections from various
clients (10.2.x.x) and redirect them to another IP address (10.3.x.x)
with a different destination port.
For example:
The software on the client computer is told to connect to the
Shorewall
2004 Mar 18
5
Shorewall 2.0.1 Beta 1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Nov 27
16
bridge and dynamically adding hosts to zones
Hi,
I''ve set up a bridge which connects two parts of the same subnet with
each other.
I''ve set up everything as described in the Documentation and it works
very nicely.
However: I have a problem with adding hosts to zones dynamically.
The zone I want to add hosts to is called ''work''.
Since only the bridge br0 is defined in /etc/shorewall/interfaces
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at:
http://shorewall.net/pub/shorewall/contrib/IPSEC
ftp://shorewall.net/pub/shorewall/contrib/IPSEC
I found these patches on the netfilter-devel list and make no warranties
as to how well they work (or not).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2004 May 07
5
mark ack with shorewall 2.x
Hi!
how can I mark ack packets with shorewall 2.x?
(In 1.x I have done it with own rule in common file)
TiA
CU
2004 Feb 08
3
Shoerwall 1.4.10a
This is a rollup of two fixes:
a) A fix for obscure [re]start errors involving the /etc/shorewall/masq
file.
b) A change which allow ''maclist'' with Atheros WiFi cards.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2003 Oct 13
4
Short Netfilter Overview
For some time, I have been working half-heartedly on a document that
details how Shorewall uses Netfilter. I have finally come to terms with
the fact that I am changing Shorewall at a much faster rate than I am
writing the paper with the result that the paper will never be finished.
To try to help people understand the structure of a Shorewall-generated
ruleset, I have therefore written a brief
2004 Aug 10
11
who gives access? was: why ADD_DNAT_ALIASES missing?
hi,
there was some email problems and i repeat my question too fast, but
this is the second part of my questions.
- only the rules and policy files give access right? ie. rules in the
FORWARD chain of the filter table in iptables ?
- is a line in masq file automaticaly add an accept rule too? eg. in
msaq file
eth0 <internal ip>
allow connection from <internal ip> (local zona) to the