similar to: Re: [Shorewall-newbies] specific log-prefix ... patch

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

I found a minor problem in new logging system. New logging system limits zone-names effectively to 4 characters. If you have REJECT policy between 2 zones which have 5 characters long, here example ipsec zone, I iptables will give error because logprefix is limited to 29 characters. --log-prefix "Shorewall:ipsec2ipsec:1:REJECT:" So zone names should be limited to 4 characters or

How does LOGFORMAT in shorewall.conf control the length of the zone name as discussed in the zones man page? The default max length is 5. What would I specify in LOGFORMAT to allow a 6 character zone name? ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging,

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, over riding its fail2ban.log. took a while, but I use /var/log/fail2ban now, that finally worked through logrotates and logwatch.

I think you can change the existing firewall logging code for log_rule_limit (where you have one case for for LOGRULENUMBERS and another almost identical case without) down to this slightly shorter version with no duplication (excerpt): if [ -n "$LOGRULENUMBERS" ]; then eval rulenum=\$${chain}_logrules [ -z "$rulenum" ] && rulenum=1 fi case

Hi All, I'm running our network with an 10/8 IPv4 subnets, with an SNAT catch all rule on the iptables firewall to the world. Is there a pratical way to log each connection? Maybe an "automatic hotspot" wich will assign an "external" IP to each "internal" one, and log it. What are you using folks? Thanks, Antonio. --

Hi, I''ve attached a patch which fixes a logging problem with log_rule_limit in custom actions. E.g. this action: ,----[ Whitelist ] | if [ -n "$LEVEL" ]; then | run_iptables -N ${CHAIN}Add | log_rule_limit $LEVEL ${CHAIN}Add WhitelistAdd DROP "$LOG_LIMIT" $TAG | run_iptables -A ${CHAIN}Add -j DROP | run_iptables -N ${CHAIN}Del | log_rule_limit

I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

I am puzzled. I started setting up a new box last week with Linux 2.6.10. Everything was working fine until I went to start shorewall, when all network traffic stopped. I have little doubt that it is because I missed something in configuring the machine. I''m running shorewall 2.2 and the zone, policy, and rules files are cut and paste from a machine that has been running for over a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This package provides the X Window System documentation that doesn't belong in a more specific package. It used to provide a lot of docs that did belong in more specific packages, but that has largely been corrected in this release: git diff --shortstat xorg-docs-1.5..xorg-docs-1.5.99.901 155 files changed, 27570 insertions(+), 112431

I have an application that analyzes fibre channel traces that I am trying to get working in Wine. I downloaded winetricks and installed the .Net 2.0 framework, the MFC libraries and th VC++2005SP1 libraries the app needs. Then I installed it using the wine msiinstaller command. Installation ran through, but when I try to run the app I get this output. I know the files are there, I copied the