Displaying 20 results from an estimated 7000 matches similar to: "Feature request: script generation"
2003 Feb 24
2
Shorewall / nmap question
I made the following adjustments to /etc/shorewall/common.def (1.3.13 with
all relevant patches).
############################################################################
# Shorewall 1.3 -- /etc/shorewall/common.def
#
# This file defines the rules that are applied before a policy of
# DROP or REJECT is applied. In addition to the rules defined in this file,
# the firewall will also define a
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid.
curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^#
TCP_FLAGS_LOG_LEVEL=info
TC_ENABLED=Yes
CLEAR_TC=Yes
TCP_FLAGS_DISPOSITION=DROP
curtain:/etc/shorewall#
So it should be enabled, right?
---- tcrules ----
1 eth0 0.0.0.0/0 all
2 eth1 0.0.0.0/0 all
2 eth2 0.0.0.0/0
2003 Jan 01
8
Wondershaper
Season Greetings to all
Tom, in your faq, u have this noted:
While I am currently using the HTB version of The Wonder Shaper (I just
copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in
the Wondershaper README),
I treid this with wondershaper, using Bearing Leaf 1.0 stable
i even changed the tc command to run_tc, and tried it in both angles,
and i receive the following..
2012 Jan 22
4
Proxyndp issue
Tom
In Shorewall6 4.4.27 the following proxyndp entry:
2001:4d48:ad51:24::f3 eth2 eth0 no no
does not add the required route.
The code produced in /var/lib/shorewall6/.restart is:
qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add
2001:4d48:ad51:24::f3/128 dev eth2
Splitting the line into 2 separate lines:
qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2
2003 Jan 06
3
ipsec nat-traversal
It seems to me that ipsecnat tunnel type is not complete.
Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal
communications. (It''s called port floating). That is needed to get rid
of ugly ipsec passthru devices.
Now ipsecnat opens port udp/500 from any source port.
And I think ipsecnat won''t work at all with gw zone defined? I''m not
sure about
2002 Aug 31
3
HTB shares equally when borrowing enabled :(
Hi,
I''m fighting seriously with a most simple HTB setup. I''d like to share
the incoming 64kbps into 5 and 59 for two different machines under NAT.
HTB seems to hold the required limits when ceil is not set (no
borrowing), but when borrowing enabled it seems to share equally rather
then keeping the specified ratio.
My setup is below. A typical output of "tc -s -d qdisc
2002 Jun 09
1
Hard disk image to use with Memdisk
Hallo
I would like to have an image of about 8Mb to boot with ISOLINUX and
MEMDISK. I am not able to create an image complete of the MBR, as MEMDISK
requires. I think I should emulate an 8Mb disk in memory or on a file, but I
am able to do so only for a 'single partition'. Could you please suggest me
a way to obtain the image? I can use Linux or Windows tools, it does not
matter.
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful
but I don''t know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2009 Apr 30
15
Shorewall Firewall con Openswan and OpenVPN
Hello guys,
I past the last days trying to configure my shorewall 4.06 firewall to
allow openvpn bridging connection.
My scenario is the following:
roadwarrior (openvpn client) -------------> Internet ------------>
(X.Y.W.Z - eth0) Firewall/Gateway (10.x.x.254 - eth1) --------> Local
Lan -------> OpenVPN Server (10.x.x.249 - br0)
where 10.x.x.0-254 is my private lan
X.Y.Z.W is
2004 Aug 07
1
Bug in docu?
http://www.shorewall.net/traffic_shaping.htm
Page says
run_tc qdisc add dev eth0 parent 1:10 pfifo limit 5run_tc qdisc add dev eth0 parent 1:20 pfifo limit 10
Im willing to _bet_ there is a line feed missing in there ;)
2008 May 11
13
Message flooding of syslog
Greetings;
My syslog is getting 100s of thousands of messages like
the following (these are just a sample); (BTW I am
running Debian/lenny)
> May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0
> May 11 12:41:31 gatekeeper kernel:
2004 Sep 20
2
After upgrade people can no longer connect
Hello Tom,
I''ve been using Shorewall for years without problems. My previous version of
shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using
rpm to 2.0.8-1. After update no one can connect to any interface from net.
Server can connect to outside world fine and those described in routestopped
have no problem connecting. Any help correcting this problem would be
2005 Feb 01
5
Shorewall configuration - ''run_iptables''-problem
[This email is either empty or too large to be displayed at this time]
2003 Jul 04
2
Too many logs...
Hi to all,
I''d like to cut some log in /var/log/messages, as of netbios and ping
entries.
There are some particular rules in shorewall 1.4.5?
I''ve tried with "run_iptables -A common -p udp --sport 138 -mstate --state
NEW -j DROP" but it contiunes to send to log every netbios attempt.
Also I don''t want to disable ping from loc to net, and from fw to net.
Thanks
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello,
I wonder if someone could use the TPROXY with Shorewall and
transparent Squid with using the routing rules on shorewall
(tcrules) for hosts / networks (LAN) with multiples providers (WANs)
directly from the internal network on port 80 (with TPROXY
transparent squid or REDIRECT).
On this issue, the routing rules is not work propertly because the
source is the
2005 Mar 15
2
shorewall restart with keepalived (redundant firewalls)
Hello,
First , thanks to Tom for it''s great job ! Netfilter is really easy
and powerfull with shorewall.
So, I have configured two firewalls whith shorewall using keepalived
for the redundant VRRP stuff.
FW-a is MASTER and FW-b is BACKUP.
Everything works correctly and FW-b upgrade to MASTER when FW-a is
down or disconnected. FW-b downgrade to BACKUP when FW-a comes back.
But when I
2005 Mar 01
1
Logging patch
Hi,
I''ve attached a patch which fixes a logging problem with
log_rule_limit in custom actions. E.g. this action:
,----[ Whitelist ]
| if [ -n "$LEVEL" ]; then
| run_iptables -N ${CHAIN}Add
| log_rule_limit $LEVEL ${CHAIN}Add WhitelistAdd DROP "$LOG_LIMIT" $TAG
| run_iptables -A ${CHAIN}Add -j DROP
| run_iptables -N ${CHAIN}Del
| log_rule_limit
2002 May 14
4
Redirect loc::80 to fw::3128 not work
The rule:
ACCEPT loc $FW::3128 tcp www
doesn''t work propertly, the http access does not redirect
to squid but directly exit.
what''s wrong?
Thanks
-------
Dario Lesca (d.lesca@ivrea.osra.it)
--------------------------------------
@@@@@@@ this is my shorewall-1.2.13 config:
#[/etc/shorewall/common.def]-----------------------------------------------
2004 May 07
5
mark ack with shorewall 2.x
Hi!
how can I mark ack packets with shorewall 2.x?
(In 1.x I have done it with own rule in common file)
TiA
CU
2013 Dec 17
1
shorewall add fails with IPSET=
Hi all
I have a CentOS6 box with shorewall-4.5.21.
If I have IPSET= in shorewall.conf and I issue the command "shorewall add
ppp:192.168.33.3 ptp", I get the error:
/usr/share/shorewall/lib.cli: line 585: [: too many arguments
ERROR: Zone ptp, interface ppp does not have a dynamic host list
The error is corrected setting the actual path to ipset in shorewall.conf,
or via the patch: