similar to: Feature request: script generation

Displaying 20 results from an estimated 7000 matches similar to: "Feature request: script generation"

2003 Feb 24
2
Shorewall / nmap question
I made the following adjustments to /etc/shorewall/common.def (1.3.13 with all relevant patches). ############################################################################ # Shorewall 1.3 -- /etc/shorewall/common.def # # This file defines the rules that are applied before a policy of # DROP or REJECT is applied. In addition to the rules defined in this file, # the firewall will also define a
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid. curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^# TCP_FLAGS_LOG_LEVEL=info TC_ENABLED=Yes CLEAR_TC=Yes TCP_FLAGS_DISPOSITION=DROP curtain:/etc/shorewall# So it should be enabled, right? ---- tcrules ---- 1 eth0 0.0.0.0/0 all 2 eth1 0.0.0.0/0 all 2 eth2 0.0.0.0/0
2003 Jan 01
8
Wondershaper
Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following..
2012 Jan 22
4
Proxyndp issue
Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the line into 2 separate lines: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2
2003 Jan 06
3
ipsec nat-traversal
It seems to me that ipsecnat tunnel type is not complete. Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal communications. (It''s called port floating). That is needed to get rid of ugly ipsec passthru devices. Now ipsecnat opens port udp/500 from any source port. And I think ipsecnat won''t work at all with gw zone defined? I''m not sure about
2002 Aug 31
3
HTB shares equally when borrowing enabled :(
Hi, I''m fighting seriously with a most simple HTB setup. I''d like to share the incoming 64kbps into 5 and 59 for two different machines under NAT. HTB seems to hold the required limits when ceil is not set (no borrowing), but when borrowing enabled it seems to share equally rather then keeping the specified ratio. My setup is below. A typical output of "tc -s -d qdisc
2002 Jun 09
1
Hard disk image to use with Memdisk
Hallo I would like to have an image of about 8Mb to boot with ISOLINUX and MEMDISK. I am not able to create an image complete of the MBR, as MEMDISK requires. I think I should emulate an 8Mb disk in memory or on a file, but I am able to do so only for a 'single partition'. Could you please suggest me a way to obtain the image? I can use Linux or Windows tools, it does not matter.
2005 Apr 19
14
allow ssh access from net to fw?
Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH
2009 Apr 30
15
Shorewall Firewall con Openswan and OpenVPN
Hello guys, I past the last days trying to configure my shorewall 4.06 firewall to allow openvpn bridging connection. My scenario is the following: roadwarrior (openvpn client) -------------> Internet ------------> (X.Y.W.Z - eth0) Firewall/Gateway (10.x.x.254 - eth1) --------> Local Lan -------> OpenVPN Server (10.x.x.249 - br0) where 10.x.x.0-254 is my private lan X.Y.Z.W is
2004 Aug 07
1
Bug in docu?
http://www.shorewall.net/traffic_shaping.htm Page says run_tc qdisc add dev eth0 parent 1:10 pfifo limit 5run_tc qdisc add dev eth0 parent 1:20 pfifo limit 10 Im willing to _bet_ there is a line feed missing in there ;)
2008 May 11
13
Message flooding of syslog
Greetings; My syslog is getting 100s of thousands of messages like the following (these are just a sample); (BTW I am running Debian/lenny) > May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 > May 11 12:41:31 gatekeeper kernel:
2004 Sep 20
2
After upgrade people can no longer connect
Hello Tom, I''ve been using Shorewall for years without problems. My previous version of shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using rpm to 2.0.8-1. After update no one can connect to any interface from net. Server can connect to outside world fine and those described in routestopped have no problem connecting. Any help correcting this problem would be
2005 Feb 01
5
Shorewall configuration - ''run_iptables''-problem
[This email is either empty or too large to be displayed at this time]
2003 Jul 04
2
Too many logs...
Hi to all, I''d like to cut some log in /var/log/messages, as of netbios and ping entries. There are some particular rules in shorewall 1.4.5? I''ve tried with "run_iptables -A common -p udp --sport 138 -mstate --state NEW -j DROP" but it contiunes to send to log every netbios attempt. Also I don''t want to disable ping from loc to net, and from fw to net. Thanks
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the
2005 Mar 15
2
shorewall restart with keepalived (redundant firewalls)
Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I
2005 Mar 01
1
Logging patch
Hi, I''ve attached a patch which fixes a logging problem with log_rule_limit in custom actions. E.g. this action: ,----[ Whitelist ] | if [ -n "$LEVEL" ]; then | run_iptables -N ${CHAIN}Add | log_rule_limit $LEVEL ${CHAIN}Add WhitelistAdd DROP "$LOG_LIMIT" $TAG | run_iptables -A ${CHAIN}Add -j DROP | run_iptables -N ${CHAIN}Del | log_rule_limit
2002 May 14
4
Redirect loc::80 to fw::3128 not work
The rule: ACCEPT loc $FW::3128 tcp www doesn''t work propertly, the http access does not redirect to squid but directly exit. what''s wrong? Thanks ------- Dario Lesca (d.lesca@ivrea.osra.it) -------------------------------------- @@@@@@@ this is my shorewall-1.2.13 config: #[/etc/shorewall/common.def]-----------------------------------------------
2004 May 07
5
mark ack with shorewall 2.x
Hi! how can I mark ack packets with shorewall 2.x? (In 1.x I have done it with own rule in common file) TiA CU
2013 Dec 17
1
shorewall add fails with IPSET=
Hi all I have a CentOS6 box with shorewall-4.5.21. If I have IPSET= in shorewall.conf and I issue the command "shorewall add ppp:192.168.33.3 ptp", I get the error: /usr/share/shorewall/lib.cli: line 585: [: too many arguments ERROR: Zone ptp, interface ppp does not have a dynamic host list The error is corrected setting the actual path to ipset in shorewall.conf, or via the patch: