similar to: Shorewall 2.0.14

My sincere apologies for the messed up 2.0.14. I didn''t realize that I had merged a change from 2.2.0 but hadn''t tested it. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15 1. The range of ports opened by the AllowTrcrt action has been expanded to 33434:33524 to allow for a maximum of 30 hops. 2. Code mis-ported

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 Just a few bug fixes: * The following error message could appear during "shorewall stop" clear": local: lo:: bad variable name * * The rate limiting example in /etc/shorewall/rules has been changed to use the RATE

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adem has contributed a nice IP Subnet chart which I''ve placed at http://shorewall.net/pub/shorewall/contrib/IPSubNetMask.html Thanks Adem! - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1 Problems Corrected: 1. The syntax of the add and delete command has been clarified in the help summary produced by /sbin/shorewall. New Features: 1. TCP OpenVPN tunnels are now supported using the ''openvpn'' tunnel type. OpenVPN

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 New Features: 1. A listing of loaded iptables kernel modules is now included in the output of "shorewall status". Problems Corrected. 1. Several problems associated with processing the IPSEC column in /etc/shorewall/masq have been corrected. -Tom --

This release back-ports the DROPINVALID shorewall.conf option from 2.2.0. 1) Recent 2.6 kernels include code that evaluates TCP packets based on TCP Window analysis. This can cause packets that were previously classified as NEW or ESTABLISHED to be classified as INVALID. The new kernel code can be disabled by including this command in your /etc/shorewall/init file: echo 1

Note: Because of the short time that has elapsed since the release of Shorewall 2.2.0, Shorewall 2.0 will be supported until 1 December 2005 or until the release of Shorewall 2.6.0, whichever occurs first. http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 ftp://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool

This will be my last 2.2 release. It contains a couple of small bug fixes that I had laying around. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would still be used if the kernel supported it. 2) A typo in the ''tunnel'' script has been corrected

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m hoping that this will be the last RC and that I can release 2.2.0 on February 1. I appreciate your help in testing this RC. http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 Problems Corrected: 1. The AllowTrcrt action has been changed to allow up to 30

I forgot to add the last new feature to the previous announcement. Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2.

hi, we use openvpn as for our vpn endpoints and we''ve got about 70-80 vpn connections which means we have tun0 - tun80 interface. i''d like to define one zone for all of our vpn connections how can I do that? actualy our local zone is 192.168.0.0/17 (not 16) and all of the vpn''s are in 192.168.128.0/17. our should i define somehow the local zone as 192.168.0.0/16? but in

This release just rolls up the fixes for the few problems that have surfaced in the first two to three weeks of Shorewall 2.2 availability. If 2.2.0 is working ok for you, there is no reason to upgrade. So far I''ve been very pleased with the stability of the 2.2 release and attribute much of that to the new release model. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.1

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 Problems Corrected: 1) If a zone is defined in /etc/shorewall/hosts using <interface>:!<network> in the HOSTS column then startup errors occur on "shorewall [re]start". 2) Previously, if "shorewall status" was run on a system whose kernel lacked

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.4 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.4 Problems Corrected: 1. The error message: Error: No appropriate chain for zone <z1> to zone <z2> has been changed to one that is more self-explanatory: Error: No policy defined for zone <z1> to zone <z2> 2. When only an

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Although it took considerably longer than I had planned, the upgrade of my firewall has been completed. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

On Tue, 2004-11-30 at 12:17 +0700, Matthew Hodgett wrote: > > As for the 169.254 issue I tried to search the archives but got nothing. > I then tried to search on generic words, nothing. I then tried some > really common words like ''help'', ''initiated'', ''masq'' - nothing. I think > the index might be corrupt because I get no

No need to upgrade to this release if you already have the new bogons file or don''t use that file. The primary change is a fix to the install.sh script which previously gave an error on a new install. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.11 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.11 Problems corrected in 2.0.11 1) The INSTALL file now include special

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to

Hi, this method for block SSH Login Attack it seems to be good. http://www.soloport.com/iptables.html which it is the better way in order to implement it into shorewall config files? Many thanks -- Dario Lesca <d.lesca@solinos.it>