similar to: Order sensitivity in shorewall configs

Hi folks, As requested earlier in the week, i''ve done some cleaning on my little script to manage shorewall configurations across multiple firewalls, and the results are available now. You can find a (rather banal) pointer at: http://paulgear.webhop.net/linux/#shoregen Download it at: http://paulgear.webhop.net/linux/RPMS/noarch/shoregen-0.1.1-1.noarch.rpm For you non-RPM types,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Quick question: can anyone remember the reason why all the config files end in ''#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE'' or something similar? I''m starting work on a shorewall preprocessor that will allow multiple firewalls to be administered from a single system (not a GUI, though), and

Greetings to all of the Shorewall community! We''d like to find out a little more about the environments in which Shorewall runs, and to this end i''ve created a survey. It is mostly designed to allow Shorewall users to see how their environment compares with that of the average Shorewall user (if such a thing exists!), but the results may be used by the Shorewall team to assist

Anyone know how/where we can get some? It has been raised before: http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013594.html I''d like to see an IRC or Jabber service for both support and development. -- Paul <http://paulgear.webhop.net> -- Did you know? OpenOffice.org has built-in PDF creation. Better yet, it''s compatible with Microsoft Office, and

A request has been logged with SourceForge support to have the subscriber list and archives of these mailing lists imported. You will automatically be subscribed to the new list - please update your mail filters if required. During the changeover, please do not use these lists if possible, since the archives from this point on will not be preserved if you send to

Hi folks, Over the weekend Ron has made some good progress with functionality available at http://devel.shorewall.net, and i''ve converted all of the content i had placed at http://shorewall.dyndns.org (which is now a redirect to the former). Please have a look around and give your feedback, either here or on the site itself. -- Paul <http://paulgear.webhop.net> -- Did you know?

Hi folks, As the subject says, the Shorewall users mailing list has been moved to SourceForge.net. I''m still manually processing a number of subscribe and unsubscribe requests that have occurred since we requested the import. The list archives are now available via: http://sourceforge.net/mail/?group_id=22587 and you can manage your subscription to the new list at:

Lars Jensen wrote: > Hi paul, > > The documentation for the routestopped configuration file at > http://shorewall.sourceforge.net/Documentation.htm#Routestopped says > that the host must be listed separated by commas. If this is done, an > error occurs upon reboot, and shorewall doesn''t load at all (debian). It > is necessary to include double quotes also, like this:

Hi folks, I''m feeling the need to get an updated feel for where our users are at with respect to Shorewall, and i''m thinking about running a survey again. My thoughts at the moment are that we should have two separate surveys: one to find out about users and their thoughts, and the other to find out about the systems on which Shorewall is running. If you have any thoughts

Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to

Hi folks, I''ve added a couple of ''help wanted'' ads to our SourceForge project. You can see them at http://sourceforge.net/people/?group_id=22587 I''ll add more as i have the opportunity. If you can think of other jobs we need to assign, please let me know. -- Paul <http://paulgear.webhop.net> -- Did you know? Using accepted quoting conventions makes

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, Can someone refresh my memory on the difference between the following (where dmz contains an RFC 1918 address host)? ACCEPT net dmz tcp 80 - all DNAT net dmz tcp 80 I''m trying to generate a script for maintaining multiple interconnected firewalls from shared policy, rules, and zone files, and i

Hi folks, I''m conducting a straw poll for your opinions on whether we should send CVS commit logs (probably with diffs) to the shorewall-devel list, or to another (new) list? I can see advantages to both ways: separate lists mean that people who aren''t contributing code don''t get flooded with code noise, but a single list will help keep everyone involved in the

Hi folks, When we first started talking about Shorewall post-Tom, a few people offered to help with testing. Would those people please raise their hands again? :-) I''m investigating Nicolas Helleringer''s recent message on shorewall-users (http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018898.html), and a good test environment would come in really handy,

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

So after reading the traffic control documentation at shorewall.net I am a little confused. I don''t understand how to use the tcrules file. What I would ideally like to do is setup htb on a per user basis (either by IP or MAC address). If anybody has any hints on the best way to do this or is willing to explain the use of tcrules file a little better (how I could mark it per IP or MAC)

I have just installed shorewall 2.0.9, having spent a day and a half tracking down why my tcrules wasn''t working properly in 2.0.8. I didn''t see the announcement of 2.0.9 because it didn''t go to -announce. Anyway I have 2.0.9 now (the package from Debian incoming) and the problem is still there. My tcrules file says: 1 0.0.0.0/0 0.0.0.0/0 tcp 22 1 0.0.0.0/0 0.0.0.0/0