Displaying 20 results from an estimated 1000 matches similar to: "Shorewall 1.3.12 Beta1"
2003 Jan 06
3
ipsec nat-traversal
It seems to me that ipsecnat tunnel type is not complete.
Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal
communications. (It''s called port floating). That is needed to get rid
of ugly ipsec passthru devices.
Now ipsecnat opens port udp/500 from any source port.
And I think ipsecnat won''t work at all with gw zone defined? I''m not
sure about
2003 Oct 08
2
Problem with /bin/ash
I have /bin/ash from rh8 installation and I have following error when I
tried to change using ash instead of sh with shorewall-1.4.7:
+ eval options=$tap0_options
+ options=
+ list_search newnotsyn
+ local e=newnotsyn
+ [ 1 -gt 1 ]
+ return 1
+ run_user_exit newnotsyn
+ find_file newnotsyn
+ [ -n -a -f /newnotsyn ]
+ echo /etc/shorewall/newnotsyn
+ local user_exit=/etc/shorewall/newnotsyn
+ [
2004 May 26
6
Newnotsyn Behavior
Hello,
I''ve been doing some tests on a firewall system running Shorewall 1.4, and
have been getting some unexpected behavior when enabling the "newnotsyn"
option.
In the test setup, I have:
----------------------------------------
/etc/shorewall/interfaces
net eth0 detect routefilter,tcpflags,blacklist
loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn
2002 Sep 29
7
[Fwd: Building custom _updown script for freeswan to make it talk with shorewall]
Tuomo Soini wrote:
> You don''t happen to read shorewall-devel mailinglist ?
I read it -- I just didn''t know what to make of your post and it arrived
while I was on vacation.
What exactly are you trying to accomplish that Shorewall isn''t doing for
you now?
e.g.
/etc/shorewall/zones
rw Roadwarriors Road Warriors
/etc/shorewall/interfraces
rw ipsec+
2003 Jan 26
7
Bug in shorewall
I just added 802.1Q VLAN support to redhat initscripts. And after
support was ready, I tried to restart shorewall. Well it blew into
pieces. Seems like shorewall can''t handle device names like:
eth0.3 very properly. That''s default naming of vlan devices. eth1 is
master device and 3 is id of my test vlan.
So when I added to interfaces line:
home eth0.3 detect
seems like
2005 May 26
11
Quick poll: CVS commits
Hi folks,
I''m conducting a straw poll for your opinions on whether we should send
CVS commit logs (probably with diffs) to the shorewall-devel list, or to
another (new) list?
I can see advantages to both ways: separate lists mean that people who
aren''t contributing code don''t get flooded with code noise, but a single
list will help keep everyone involved in the
2005 May 25
5
Patch to fix dynamic add/delete to zone functinality
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I''m running systems with openswan and modified _updown script supporting
shorewall dynamic hosts. Because on problems with cvs head version of
openswan I found a error from shorewall dynamic hosts support. When host
is already in zone shorewall aborts adding process with error. This is
not good thing(tm).
I found out that deleting host from
2012 Mar 12
8
CentOS6/RHEL6 - net.nf_conntrack_max not applied
2003 Mar 20
11
Opinions Please
Although 1.4 is now released, there is one aspect of Shorewall''s design
that I''m still quite unhappy with. It involves two areas:
a) when and when not to create rules to allow inbound traffic on an
interface to be routed back out that same interface.
b) intrazone traffic.
I''m currently running 1.4.0 plus a change that:
a) Allows intrazone traffic unconditionally --
2010 May 02
4
Kernel Panic on Masq Enable with Shorewall 4.4.8 & 2.6.27.45-0.1-default #1 SMP
All,
I have been using Shorewall successfully for years on many different machines and configurations. However, I just built a new box and wanted to setup shorewall on it. I''m running SuSE Linux Enterprise Server 11 and Shorewall 4.4.8 (latest version as of this e-mail) using the RPM download. I am able to install Shorewall just fine and I''m able to setup everything except
2004 Feb 11
2
shorewall-docs-html-1.4.10a bugreport
shorewall-docs-html-1.4.10a is missing following files:
Banner.htm
Shorewall_index_frame.htm
seattle_firewall_index.htm
Or there should be different index.htm in tar. There might be other
missing files but that''s what I found out immidiately when I tried to
check local docs.
--
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2019 May 21
2
How to get original recipient from Postfix when using LMTP?
Many people prefer to use LMTP for delivery from postfix for better
efficiency but X-Original-to header support still missing after many
years. One affect of this is need to set
sieve_vacation_dont_check_recipient = yes which violate Sieve standard
and cause auto-replyies sent to messages that should not happen. Or
abandon LMTP. or abandon postfix??
So while feature request is stalled are
2002 Nov 12
3
''all'' in rules file
I have implemented the ability to specify ''all'' in the SOURCE and
DESTINATION columns of the rules file and I''m not sure I like the result.
The code is in CVS if any of you are interested in giving it a try. If you
do try it, please let me know what you think.
If you specify ''all'' in those columns it must not be qualified (may not be
followed by
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with tree virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone
2005 May 27
5
Problems with dynamic zones
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found out problems with dynamic add of hosts to zones. If somebody has
idea how to fix it, please do tell. My head is not working on this on
properly. Hope you get idea from this message. I''m trying to simplify
this as much as possible to get problem clear.
Problem is:
Zones:
vpn
wlan
net
Interfaces:
net eth0
wlan eth1
Policies:
vpn all
2004 Nov 08
3
nessusd on shorewall
Hi,
I have shorewall version 1.4.10g on Redhat 9 Local clients are on eth1
in subnet 192.168.3.0/24. eth0 is for the outside (over xdsl with
includes a ppp0 interface).
Nessus (nessusd) is installed *on the firewall* and managed trough
nessus (the client or frontend) running on one of the internal machines.
When I was running a scan against 194.152.181.36 I observed several
entries like
2018 May 10
3
[CentOS-announce] Release for CentOS Linux 7 (1804) on x86_64 aarch64 i386 ppc64 ppc64le
On May 10, 2018, at 1:33 AM, Karanbir Singh <kbsingh at centos.org> wrote:
>
> I am pleased to announce the general availability of CentOS Linux 7
> (1804) for across all architectures.
I?ve checked about a dozen of the mirrors, and see no *.torrent files yet. Any idea how long they?ll take to appear? I ask because we?re building a system today, so if it?s going to be more than
2004 Aug 16
1
CLEAR_TC=Yes & TC_ENABLED=No
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found a problem with my tcstart script.
First I was running system TC enabled for testing and then to stop all
TC I changed TC_ENABLED=No.
But I started to wonder why shorewall restart did _not_ clear TC rules
after TC was disabled?
So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is
disabled automatically.
Question is: should
2004 Jun 02
1
Minor patch to install.sh to make it honor environment variables
Just something I patch in my rpm set to make shorewall configurable.
--
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-------------- next part --------------
--- shorewall-2.0.2d/install.sh.orig 2004-05-28 03:17:01.000000000 +0300
+++ shorewall-2.0.2d/install.sh 2004-05-30 01:08:00.000000000 +0300
@@ -87,11 +87,20 @@
# RUNLEVELS