Displaying 20 results from an estimated 20000 matches similar to: "Your opinion please"
2002 Apr 29
3
ports 'closed', not 'blocked'???
Using Shorewall v1.2, and testing the firewall using scan.sygate.com, I
am informed that several ports (web (80), ident (113) and DCE locator
(135)) are 'closed' rather than 'blocked'.
All other ports show as blocked or 'stealthed'.
I haven't set up any rules or policies that have anything to do with 80,
113 or 135.
Is this
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I'm beginning to believe that the use of the last column in the rules file
to designate redirection/forwarding is too subtle for many users. For 1.3,
I think I'll do something like the following:
Current rule:
ACCEPT net loc:192.168.1.3 tcp 80 - all
New rule:
FORWARD net loc:192.168.1.3 tcp 80
Current rule:
ACCEPT net fw::3128 tcp 80 - all
New rule:
REDIRECT net
2002 Jun 02
6
Where Shorewall goes from here...
Now that 1.3 is out, I thought it would be a good idea to tell you what my
plans are for Shorewall and to solicit input from this list.
My focus for the next several minor releases will be to incorporate recent
Netfilter enhancements into Shorewall. For example, this afternoon I have
integrated support for the 'multiport' match facility.
I would like to defer the next minor
2002 Apr 08
22
Parameterized Samples Withdrawn
Although the parameterized samples have allowed people to get a firewall
up and running quickly, they have unfortunately set the wrong level of
expectation among those who have used them. I am therefore withdrawing
support for the samples and I am recommending that they not be used in new
Shorewall installations.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy
ARP over NAT. They are great reasons, but I have one reservation. By
using private addresses with NAT for servers in my DMZ, I can granularly
allow specific traffic, such as to/from the SMTP gateway/relay in the
DMZ, to connect inbound from the DMZ to an internal (LOC) mail server,
and know that it comes only from a
2002 May 24
7
blacklist question
I'm wondering if it is possible to do something like
. /etc/shorewall/somefile
from inside the blacklist file in a future release.
Is this sort of thing already available and I'm just doing it wrong?
--
Brad Wyman |\ _,,,---,,_
bradw@sta-care.com /,`.-''`'' -. ;-;;,_
Network Admin |,4- ) )-,_. ,\ ( `''-''
Sta-Care,
2005 Jun 24
13
Test environments?
Hi folks,
When we first started talking about Shorewall post-Tom, a few people
offered to help with testing. Would those people please raise their
hands again? :-)
I'm investigating Nicolas Helleringer's recent message on
shorewall-users
(http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018898.html),
and a good test environment would come in really handy,
2005 Jan 05
22
Shorewall and IPV6
As 2.2.0 is nearing release, I've begun to think about what I'll do for
2.3 and I think that it is time for Shorewall to add support for IPV6.
Because of parsing ambiguities, the need to maintain upward
compatibility with both Shorewall and 6Wall, and different available
functionality in IPV4 and IPV6 Netfilter, I believe that it is going to
be necessary for some files to be
2004 Jan 09
32
Ideas for Shorewall 2.0
I'm beginning to think again about what will be different in 2.0. Here
are some thoughts.
a) User-defined actions will be emphasized.
- A library of actions will be available with names such as:
AcceptSSH
AcceptDNS
DropWindows (drops all SMB noise)
DropBroadcasts (Silently drop all Broadcast traffic)
...
The possibilities are nearly endless but should
2005 Apr 16
6
wishlist: 'none' as source address in rules
Hi,
I plug my laptop in different networks and use the following hack to
configure automatically shorewall for trusted/untrusted networks:
In /etc/shorewall/params:
# none is a dummy zone associated to the loopback interface
NONE="none:0.0.0.0"
# Network scheme, automatically detected by intuitively
NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)"
case
2002 Jul 01
3
Shorewall connection logging question
I have a perfectly working shorewall system, with basic configuration
(external real IP, one private address internal network with some
forwarded services), and log handling with fwlogwatch.
My problem is that I can't find out how to make something like this
with shorewall (TCP-connections only):
- Allow protocol x connections from IP x.x.x.x without logging
- Allow protocol x
2005 Jun 30
10
Long Shorewall Startup Times Revisited
Hello,
With reference to the problems listed below. I too am having
incredibly long start up times. I'm talking minutes here (around 5
minutes).
My configuration is not complex I don't think. We are you using ldap
too and the settings are below. The network is up as I'm restarting
shorewall whilst the machine is running.
Any suggestions? Is there no way to
2005 Jun 02
28
One Remaining Issue Regarding 2.4.0
I believe that 2.4.0 is about ready to be sent out the door. I've made a
couple of small changes since RC2 but I don't believe that they warrant
another RC.
There remains the issue of what to do about support for Shorewall 2.0 given
that 2.2 has only been available since March.
It would be my recommendation to make 2.4 the new "stable" release but
continue to
2005 Jun 01
5
use of shell code in shorewall/params
The params file appears to be simply "sourced" by the firewall script,
which means one can put any Bourne shell code into it and it will
execute it. This feature isn't documented, so I'm wondering if it can
be documented and thus guaranteed to always work. I'd like to dig out
the IP parameters of my interface cards from the ifcfg-eth? files and
set shorewall
2005 May 27
10
Help wanted notices
Hi folks,
I've added a couple of 'help wanted' ads to our SourceForge project.
You can see them at
http://sourceforge.net/people/?group_id=22587
I'll add more as i have the opportunity. If you can think of other jobs
we need to assign, please let me know.
--
Paul
<http://paulgear.webhop.net>
--
Did you know? Using accepted quoting conventions makes
2006 Mar 02
4
The inaugural Shorewall survey!
Greetings to all of the Shorewall community!
We'd like to find out a little more about the environments in which
Shorewall runs, and to this end i've created a survey. It is mostly
designed to allow Shorewall users to see how their environment compares
with that of the average Shorewall user (if such a thing exists!), but
the results may be used by the Shorewall team to assist
2005 Jun 24
4
Chat servers?
Anyone know how/where we can get some?
It has been raised before:
http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013594.html
I'd like to see an IRC or Jabber service for both support and development.
--
Paul
<http://paulgear.webhop.net>
--
Did you know? OpenOffice.org has built-in PDF creation. Better yet,
it's compatible with Microsoft Office, and
2007 Aug 15
8
Shorewall and printing problems in the LAN ( loc ) zone
Guys,
Just a quick check. From what i have read in the
shorewall site, intrazone traffic is allowed
completely by shorewall i.e. there is no filtering or
packet size limiting ,etc,etc.
I ask this because after getting shorewall up and
running well, someone has complained that they cannot
print pdf files larger than 100k at one go but that
they have to print one page at a time.
Some details;
2005 Jun 04
3
[Fwd: [shorewall-coding] Shorewall2 functions, 1.39, 1.40]
2005 May 26
28
Shorewall development web site
Hi folks,
Last night and this morning i've hacked up a quick web site for
coordinating our development work based on Drupal (http://drupal.org).
You can find it at:
http://shorewall.dyndns.org
I've put a few ideas in there - feel free to use the comments or sign
up for an account and create your own pages (particularly in the two
books about development and web site work).