similar to: "shorewall stop"

Hi all, I''m working on a patch for shorewall to make it run with a Crossbeam X40 machine (www.crossbeamsystems.com) and I would like to know where to send it, is this list the correct location?. The patch is necesary because of Crossbeam X series running mode: when you make a shorewall start, restart or clear, there are a packet dropping until shorewall is Started or cleaned. At

Hi, I read the news about Tom Steps quit. I use shorewall for some days now and as many people I ike it very much. I asked Tom in a personal mail, what could be done to continue the project and he told me I had to subscribe to this list. My ideas where: a) Mirroring the site b) I would like to study the code and help c) I am studying computer science and I could ask some teachers and friends

I believe that 2.4.0 is about ready to be sent out the door. I''ve made a couple of small changes since RC2 but I don''t believe that they warrant another RC. There remains the issue of what to do about support for Shorewall 2.0 given that 2.2 has only been available since March. It would be my recommendation to make 2.4 the new "stable" release but continue to

Hiya, > Ok with me -- if I get too frustrated with DocBook, I''ll just start > editing the HTML again. > > -Tom > Well the fact that VIM is supported by Docbook is a plus .. But I still think the Wiki idea is well .. Lets get the doc at a CVS and Docbook stage .. Walking before running .. plz plz .. Francesca PS: I have thrown Windoze out the Window here (Pardon The

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

Tom, I was upgrading a remote firewall, when upon restart, shorewall found a rule with a wrong zone and decided to not continue and stop itself. The problem now, is I cannot access that firewall over ssh anymore. One suggestion would be to instead of "shorewall stop" to have a basic emergency rule with only ACCEPT:info all all tcp ssh rule instead with DROP all policy. Shorewall could

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

Hi, I''ve noticed that if I have NIS enabled then shorewall will fail to start correctly as there is a brief time during startup (and restart) that the network is wholly disconnected causing NIS to object during RPC. The problem appears to be that during initialization and building of the chains the default is to allow existing connections and internal traffic to/from loopback,

Greetings, What programming languages besides shell scripting are used in shorewall? What knowledge is needed to help in shorewall development? I figure iptables is a goood bet but is there anything else as well? Thank you for your time. Regards, Jason

http://shorewall.net/pub/shorewall/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi I have recently reconfigured my system to a Bridge based architecture on the basis that I have an ADSL Modem/Router with a Public address on the Wan side and a Private address on the Lan side. I am running a Debian based system kernel 2.6.7 and the Bridging software is installed and working correctly, including startup etc. The problem that I have is in "shorewall start" The

Hi! I am looking for suggestions how I can add rules (or change the configuration otherwise) without interrupting of services. Right now, when I need to do a ''shorewall restart'' all services are not available during this time. I tried playing with the ''routestopped'' parameter but without success. How do you get around this? Thanks in advance, Christian

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?

Subject says it all... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

The generic tunnel support that I posted about yesterday has been updated: a) A bug that caused [re]start errors has been corrected. b) A list of zones may now be included in the third column of /etc/shorewall/tunnels; the semantics are the same as for ipsec tunnels. In addition, the ADDRESS column in /etc/shorewall/masq may now contain a comma-separated list of IP ranges/addresses. This enables

If you are interested in helping with testing new features, please look at http://shorewall.net/netmap.html. If you have a need for this type of network-level address mapping and/or are in a position to test it please let me know. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Rather than have lots of folks downloading a version with a broken ''check'' command, I''ve released 1.4.1a that corrects the problem. Sorry for the back-to-back releases today... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I