similar to: minor problem with shorewall-1.4.4

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

The version of Shorewall in the \Shorewall CVS project has my next attempt at Fireparse integration. a) The LOGMARKER variable is gone and is replaced with LOGFORMAT b) LOGFORMAT contains a printf (1) formatting template that accepts three arguments: 1) The Chain Name 2) The Logging Rule Number within Chain 3) The disposition of the packet (DROP,REJECT,ACCEPT) c) To use Shorewall with

How does LOGFORMAT in shorewall.conf control the length of the zone name as discussed in the zones man page? The default max length is 5. What would I specify in LOGFORMAT to allow a 6 character zone name? ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging,

I have a Samba box joined to a Windows 2003 AD. I have noticed a strange problem with adding users to groups. I added user 'shw' to the group 'project1' on the AD. When the user logs in the the Samba box, he does not have the permissions of someone in the 'project1' group. When I run 'id shw', group 'project1' shows up. However when I run 'id'

Given that there are new features and there are external changes to get around the Fireparse fiasco, I have called this release 1.4.4 rather than 1.4.3b. Problems Corrected: None. New Features: 1) A REDIRECT-rule target has been added. This target behaves for REDIRECT in the same was as DNAT-does for DNAT in that the Netfilter nat table REDIRECT rule is added but not the companion

I have /bin/ash from rh8 installation and I have following error when I tried to change using ash instead of sh with shorewall-1.4.7: + eval options=$tap0_options + options= + list_search newnotsyn + local e=newnotsyn + [ 1 -gt 1 ] + return 1 + run_user_exit newnotsyn + find_file newnotsyn + [ -n -a -f /newnotsyn ] + echo /etc/shorewall/newnotsyn + local user_exit=/etc/shorewall/newnotsyn + [

Hi all, Freshly installed apache 2.2 with httpd-itk (from epel). When I try to access apache's document root from a browser on local network, it always serve me the Apache welcome page, even if I have a index.html and a phpinfo.php file in the /var/www/html folder. If point the browser specifically to http://server/index.html, I get a '404 Not found error'. I'm running CentOS

The Fireparse --log-prefix fiasco continues. Version 1.4.4a omits the logging rule number if the LOGFORMAT value does not contain ''%d''. The default value of LOGFORMAT is then changed to "Shorewall:%s:%s:" so that the maximum length of a short zone name is once again back at 5. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \

I forgot to mention it. All the files under /var/html are owned by apache:apache On 15-05-07 04:07 PM, Eric Lehmann wrote: > Have you checked the file rights under your document root ? > Your apache group need reading right. > Am 07.05.2015 21:42 schrieb "John" <tuxfed at gmail.com>: > >> Hi all, Freshly installed apache 2.2 with httpd-itk (from epel). When I

Hi there. I''m reading and reading through the doc''s and previous posts, but cannot seem to find what I''m looking for. I want to create a rule that prevents DoS and maybe even DDoS attacks against a specific port. The current rule looks like this (the PORT''s and IP''s are dummies of course): #ACTION SOURCE DEST

I think you can change the existing firewall logging code for log_rule_limit (where you have one case for for LOGRULENUMBERS and another almost identical case without) down to this slightly shorter version with no duplication (excerpt): if [ -n "$LOGRULENUMBERS" ]; then eval rulenum=\$${chain}_logrules [ -z "$rulenum" ] && rulenum=1 fi case

Folks I'd love to use Cockpit, but I cannot open port 9090 for the access in all cases. I'd like to access it via my usual http port (such as 80) where I'm limited to a single HTTP port. I understand the security implications, and can deal with them later. My attempt was to allow the following URL to access the cockpit functionality: http://xxx.example.com/cockpit (not the

This rule with a long name and logging: AllowInternetPrintingProtocol:debug causes this iptables error: Processing /etc/shorewall/rules... Rule "AllowSSH:info net fw" added. Rule "AllowPing:info net fw" added. Rule "AllowWeb:debug net fw" added. iptables v1.2.9: Maximum prefix length 29 for --log-prefix Try `iptables

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

I''ve been hunting the web and reading the mailing lists all day but I''m not finding any guidance on this problem. When I try to talk to my mongrel it simply responds with NOT FOUND and nothing else. I can''t find anything on google because this has to be the second most commond phrase in existence. Any help or guidance would be greatly appreciated. Sincerely, Chuck Vose

hello! i got this forum powered by apache and mod_rails lately when i create / edit posts, i get plain html text showing up instead of the actual page. here''s what i see: -- Content-Type: text/html; charset=utf-8 Set-Cookie: _mysite_session=BAh7CzoOcmV0dXJuX3RvMDoKdGl0bGV7BmkVdToJVGltZQ2IDhuAK1UeADoL %250AdG9waWNzewZpBnU7Bw2HDhuA2%252FZJ7zoJdXNlcmkGIgpmbGFzaElDOidBY3Rp

It seems to me that ipsecnat tunnel type is not complete. Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal communications. (It''s called port floating). That is needed to get rid of ugly ipsec passthru devices. Now ipsecnat opens port udp/500 from any source port. And I think ipsecnat won''t work at all with gw zone defined? I''m not sure about

Hi, I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected... When all providers are up, everything seems fine. When one goes down, lsm says "link <provider> down event"... and it seems ok but we then experience some problems such as a few unreachable sites, DNS problems... If I remove the downed provider from all confs and restart, everything works again.

I just added 802.1Q VLAN support to redhat initscripts. And after support was ready, I tried to restart shorewall. Well it blew into pieces. Seems like shorewall can''t handle device names like: eth0.3 very properly. That''s default naming of vlan devices. eth1 is master device and 3 is id of my test vlan. So when I added to interfaces line: home eth0.3 detect seems like