similar to: Shorewall suggestions

I think we should add an FAQ entry for tcp_ecn. I remember Tom giving a good description in one of his many responses and there is mention of it in the pptp page, but I could not find the response from Tom about different tcp stacks. Thanks, -- Steve Herber herber@thing.com work: 206-261-0307 Systems Engineer, AMCIS, UoW home: 425-454-2399 ---------- Forwarded message ---------- Date: Sat,

I looked at the 1.3 whitelist documentation and realized that the ops example, while interesting in and of itself, did not do what I think a whitelist does. Back to symmetry, if a blacklist is a list of sites not allowed to connect in through the fire wall, maybe to a web server, for example, then a whitelist should be a list of machines that are allowed to access a service or services, again,

This is interesting... And probably requires some changes. -- Steve Herber herber@thing.com work: 206-261-0307 Systems Engineer, AMCIS, UoW home: 425-454-2399 ---------- Forwarded message ---------- Date: Thu, 6 Jun 2002 09:20:54 -0700 From: John W Baxter <jwblist@olympus.net> To: linux-list@ssc.com Subject: [SLL] New 67./8 and 68./8 now in use The /8 subnets 67.0.0.0 and 68.0.0.0,

I, too, want to thank Tom for such a great software package and all the support he has always given. I was just reading a Slashdot interview with the Nagios/NetSaint author Ethan Galstad. The whole article is interesting and I bet the questions and answers would be similar for Shorewall: http://interviews.slashdot.org/article.pl?sid=03/01/09/1216259&mode=thread&tid=156 Question 19

Rather than have lots of folks downloading a version with a broken ''check'' command, I''ve released 1.4.1a that corrects the problem. Sorry for the back-to-back releases today... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

Ron and Steve, I am ready to begin the documentation changes for 1.3.2. Are you close to having any of your changes ready for release? If so, we can get those into CVS before I begin my changes -- if not, then I''ll go ahead and update CVS with the 1.3.2 material. Please let me know. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net

IMHO, our big picture challenge is that multiple explanations for several topics are spread out over several different docs and pages One parameter is frequently discussed in four or more places (QSG, files reference pages, file comments, main documentation, etc.) That gives multiple perspectives, which can be good, but can also lead to at least the appearance, especially to a beginner, of

The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

> -----Original Message----- > From: Tom Eastep [mailto:teastep@shorewall.net] > Sent: Monday, May 13, 2002 9:05 AM > To: Steve Herber > Cc: Shorewall Development > Subject: Re: [Shorewall-devel] RE: [Shorewall-users] SMTP outbound > problem (fwd) > > > On Mon, 13 May 2002, Steve Herber wrote: > > > I think we should add an FAQ entry for tcp_ecn. > >

Now that 1.3 is out, I thought it would be a good idea to tell you what my plans are for Shorewall and to solicit input from this list. My focus for the next several minor releases will be to incorporate recent Netfilter enhancements into Shorewall. For example, this afternoon I have integrated support for the ''multiport'' match facility. I would like to defer the next minor

Hello all, I don''t want this to be a tome'' but felt a comment was in order. Many new users (Linux and Shorewall are no different) are more apt to not read the manual(RTFM) as they view it as "Taking to long" and don''t understand it''s relevance in their particular scenario. This is unfortunate in the case of Shorewall. As the documents are not only

Tru64 patch will not make it into 3.5 (this is final) due to lack of willing people to test. I have given the Tru64/osf1 community almost a month to test it. And *ONE* person came forward to give me verification. And don't give me shit about "I don't have time." The person who tested it was LEAVING his employer with Tru64. He found time. IT IS YOUR GAWD DAMN PLATFORM. IF

I think that the time has come for me to back off a bit from my involvement with Shorewall. I just don''t have enough cycles (or energy) to keep up the pace of the last several months. As a consequence, I''m going to do the following: 1. I''m going to stop personally supporting the entry level tools (samples and quick start guide). These tools are a source of constant

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?

Well, after digging around and thinking some more, I'm giving up on the idea of preallocating a TTY to get post-auth privsep working on Tru64. I don't think it will work, because just allocating a TTY doesn't fix the problem - there's no valid way to tie that TTY back to the client process (because it hasn't requested a TTY yet and may not ever do so). The problem is that the

Samba 2.0.7 running on Compaq Tru64 UNIX V5.0A with latest tru64 patches. "mget *" works OK, "mput *" or something like "mput *.bat" fails with the error message "find: bad option -maxdepth". Several questions - Anyone else come across this one? Would dropping back to 2.0.6 fix the problem? Could it be an issue with 2.0.7 on Tru64 V5? Regards, Brian

Subject says it all... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

http://bugzilla.mindrot.org/show_bug.cgi?id=933 Summary: compile problem on tru64 5.1A code outside of a #ifdef that should not be included on tru64 Product: Portable OpenSSH Version: 3.8p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build

I know it is just after a release, but I'm trying to see how the regression tests look on Tru64. I hadn't had a chance to really look at them before because I didn't have sudo installed on Tru64 (now I do). Anyway, for the 3.9p1 release, all of them run except for a couple of problems: - agent-ptrace fails; it looks like setgid isn't enough to kill tracing under Tru64, and I

This is odd: We're using rsync to mirror multiple directories from a server to two clients. The server is running Tru64 v5.1a, client A is running Redhat Linux 8.0, and client B is running Tru64 v4.0g. The mirrors for both clients are running at the same time interval (10 minutes, offset by 5 minutes). All machines are running rsync v2.5.6, and using ssh2 v3.2.3 as the