similar to: New in CVS

In the Shorewall/ CVS project: Problems Corrected: 1) There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" in the documentation and configuration files. 2) The description of NEWNOTSYN in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

Although 1.4 is now released, there is one aspect of Shorewall''s design that I''m still quite unhappy with. It involves two areas: a) when and when not to create rules to allow inbound traffic on an interface to be routed back out that same interface. b) intrazone traffic. I''m currently running 1.4.0 plus a change that: a) Allows intrazone traffic unconditionally --

a.shubnik@btis.by wrote: > Hello Tom! Aleksandr, In the future, please don''t send your Shorewall support requests directly to me. Please see http://www.shorewall.net/support.htm: > I try to start last version of shorewall-4.0.2 under openvz environment > in virtual server and get follow error messages: > > gate ~ # shorewall check > Checking... > >

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

The Shorewall project at sourceforge has been upgraded to Allura. If you have a copy of the git repository, you need to check out a fresh copy from the new locations: git clone ssh://teastep@git.code.sf.net/p/shorewall/code shorewall git clone ssh://teastep@git.code.sf.net/p/shorewall/release release git clone ssh://teastep@git.code.sf.net/p/shorewall/tools tools git clone

The generic tunnel support that I posted about yesterday has been updated: a) A bug that caused [re]start errors has been corrected. b) A list of zones may now be included in the third column of /etc/shorewall/tunnels; the semantics are the same as for ipsec tunnels. In addition, the ADDRESS column in /etc/shorewall/masq may now contain a comma-separated list of IP ranges/addresses. This enables

It''s in the /Shorewall and /Shorewall-docs projects. I plan to run it over the weekend and release it Sunday night. -Tom PS: Francesca - no need to upgrade the Samples this time since none of the changes affect the sample configurations (other than the config file comments). -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \

If you would like to contribute to the documentation or development of Shorewall, I can make write access to the CVS repository available to you. For more information, follow the login instructions at http://shorewall.sourceforge.net/Shorewall_CVS_Access.html. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

I''ve opened up development of Shorewall 4.1. While I had previously announced that Shorewall 4.1 would focus on IPv6, I have since learned that the netfilter team are developing ''xtables'', a unified IP0v4/IPv6 utility. It seems silly to spend the effort to add Shorewall support for IPv6 only to then have to turn around and convert it to use xtables. So I''ve

I''ve added a REDIRECT-target that does for REDIRECT what DNAT-does for DNAT. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

Anywhere that a syslog level can appear, you can now specify ULOG (must be upper case) and logging will occur to the ulog target. You can download ulogd from http://www.gnumonks.org/projects/ulogd. Only the ''firewall'' file is required. None of the comments in the other config files are updated yet but I''m working on it. -Tom -- Tom Eastep \ Shorewall - iptables

Just some stuff that was laying around in CVS: 1. Added ''DNAT-'' target. 2. Print policies in ''check'' command. 3. Added CLEAR_TC option. 4. Added SHARED_DIR option. [teastep@wookie Shorewall]$ cat releasenotes.txt This is a minor release of Shorewall that has a couple of new features. New features include: 1) A new ''DNAT-'' action has been

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

The Shorewall2/ project in CVS contains my initial attempt to establish correct routing for traffic forwarded from two different ISPs to internal servers. >From the release notes: Shorewall 2.3.2 includes support for multiple Internet interfaces to different ISPs. This feature is enabled by setting the "default" option for each Internet interface in