similar to: Change in list policy

My apologies if a message containing this virus made it out to the list -- the list received a flood of these just before a Vexira VDF update was available. I believe that all of them were quarantined as Spam but one may have slipped through. It is difficult for me to tell because one instance apparently had a forged envelope sender address of <shorewall-users@shorewall.net> so the list

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iptables=save is producing bad output for rules involving policy match. I''ve checked in a version of /sbin/shorewall to the Shorewall2/ CVS project that compensates for this bug. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

I have just uploaded a new version of the 2.0.2b .lrp: http://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp ftp://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp This version already includes the normal LEAF changes that are present in the shorewall.lrp distributed with Bering and Bering-uClibc. Thanks to K.-P. Kirchdörfer, future versions of the .lrp will

For several years, this list has been moderated for non-member posts. I''ve found that this is a pain for me (I have to wade through the spam to find and approve legitimate posts). Additionally, non-members seem to almost universally ignore instructions to mention that they are non-members in their post. Since the mailing list is set up so that replies go to the list rather than to the

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

Thanks for such a quick reply Tom! Any suggestions then as to what I might do other than putting a second nic in the SBS and opening it up for web access? I don''t like the idea, but since MS SBS includes fireall that is actually what MS suggests. Boyd -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: January 3, 2005 3:05 PM To: Shorewall Users Cc: Boyd

FYI -- A small blurb on page 45. -------- Original Message -------- Subject: Shorewall in (IN)SECURE Magazine Date: Tue, 16 Aug 2005 00:10:51 +0200 From: Mirko Zorz <mirko.zorz@net-security.org> To: teastep@shorewall.net Hello Tom, I thought you would be interested to know that Shorewall has been featured in the Software Spotlight section of the third issue of (IN)SECURE, a free security

Hi Tom, Many thanks for that, that''s really helped. Netfilter is indeed dropping the packets as invalid. Thanks and regards, Frances -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: 23 March 2007 18:05 To: Shorewall Users Subject: Re: [Shorewall-users] Expected handling of [SYN] when expecting[SYN, ACK]? Frances Flood wrote: > Basically, if the

Note: Because of the short time that has elapsed since the release of Shorewall 2.2.0, Shorewall 2.0 will be supported until 1 December 2005 or until the release of Shorewall 2.6.0, whichever occurs first. http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 ftp://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool

The current thread on the User''s List entitled "Multi-ISP in 2.4.0" includes the following tcrules file: ############################################################################ ## #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST # PORT(S) 201:P eth2 ppp1

Remember that when a network interface goes down, the kernel automatically deletes all routes through that interface. That includes routes in alternate routing tables that Shorewall has added as part of the multi-ISP feature. Bottom line: Shorewall must be restarted if any interface specified in the /etc/shorewall/providers file goes down then comes back up. -Tom -- Tom Eastep \ Nothing is

The user''s list has controls on the size of posts that it will accept without moderation. This is done so that the entire list isn''t spammed with 800kb trace files or hi-rez diagrams of someone''s network. When a post exceeds the limit (currently 120kb), the moderator receives a message. It is then necessary to log onto the list server and to either approve or reject

I''ve opened the Shorewall 2.3 thread in the Shorewall2/ CVS project. The config files all show version 2.4 -- that saves me having to edit each one of them again when I move from 2.3->2.4. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \