similar to: Shorewall 2.0.15

I have a shorewall 2.0.14 running on a single interface machine (nwww in the log below) that is attempting to be well screwed down. The policy file reads:- #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST fw net DROP info net all DROP info # The FOLLOWING POLICY MUST BE LAST all all

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m hoping that this will be the last RC and that I can release 2.2.0 on February 1. I appreciate your help in testing this RC. http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 Problems Corrected: 1. The AllowTrcrt action has been changed to allow up to 30

http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 New Features: 1. Previously, when rate-limiting was specified in /etc/shorewall/policy (LIMIT:BURST column), any traffic which exceeded the specified rate was silently dropped. Now, if a log level is given in the entry (LEVEL column) then drops are logged

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 Just a few bug fixes: * The following error message could appear during "shorewall stop" clear": local: lo:: bad variable name * * The rate limiting example in /etc/shorewall/rules has been changed to use the RATE

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 New Features: 1. A listing of loaded iptables kernel modules is now included in the output of "shorewall status". Problems Corrected. 1. Several problems associated with processing the IPSEC column in /etc/shorewall/masq have been corrected. -Tom --

Note: Because of the short time that has elapsed since the release of Shorewall 2.2.0, Shorewall 2.0 will be supported until 1 December 2005 or until the release of Shorewall 2.6.0, whichever occurs first. http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 ftp://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool

This will be my last 2.2 release. It contains a couple of small bug fixes that I had laying around. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would still be used if the kernel supported it. 2) A typo in the ''tunnel'' script has been corrected

This release back-ports the DROPINVALID shorewall.conf option from 2.2.0. 1) Recent 2.6 kernels include code that evaluates TCP packets based on TCP Window analysis. This can cause packets that were previously classified as NEW or ESTABLISHED to be classified as INVALID. The new kernel code can be disabled by including this command in your /etc/shorewall/init file: echo 1

This release just rolls up the fixes for the few problems that have surfaced in the first two to three weeks of Shorewall 2.2 availability. If 2.2.0 is working ok for you, there is no reason to upgrade. So far I''ve been very pleased with the stability of the 2.2 release and attribute much of that to the new release model. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.1

I forgot to add the last new feature to the previous announcement. Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all, I''m a bit confused on the rules and would like your help. I''ve 4 NIC, eth0 --> WAN (net) eth1 --> OSPF1 (bb1) eth2 --> OSPF2 (bb2) I would like to enable all the icmp function (ping and traceroute) Wonder what effect will the following policy make. bb0 all ACCEPT info bb1

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.4 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.4 Problems Corrected: 1. The error message: Error: No appropriate chain for zone <z1> to zone <z2> has been changed to one that is more self-explanatory: Error: No policy defined for zone <z1> to zone <z2> 2. When only an

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 Problems Corrected: 1) If a zone is defined in /etc/shorewall/hosts using <interface>:!<network> in the HOSTS column then startup errors occur on "shorewall [re]start". 2) Previously, if "shorewall status" was run on a system whose kernel lacked

On Tue, 2004-11-30 at 12:17 +0700, Matthew Hodgett wrote: > > As for the 169.254 issue I tried to search the archives but got nothing. > I then tried to search on generic words, nothing. I then tried some > really common words like ''help'', ''initiated'', ''masq'' - nothing. I think > the index might be corrupt because I get no

I''m building a 10 branch/1 headquarter network with Shorewall/Linux as gateway on all locations. The TI guy asked me if there is a way to ''cache'' TCP/UDP traffic between them. I crawled on Internet and I only find very expensive solutions for this. Some of them appeared in this comparison article: http://www.networkcomputing.com/showitem.jhtml?docid=1524f5 Does anyone

Hello List: Recently our shorewall FW server went dead (PS failure) & brought the entire system down. Luckily we are testing the FW and other servers, so we did not loose anything. Now we have decided to setup two Shorewall FW servers with a primary & another fallover FW server. I have done some research cruised the Internet and found that a product ''UCARP''

Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.15. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility

Hi, I'm trying to set up Icecast and Ices to stream from my sound card's line-in. I'm using ALSA. I'm experienced in Linux but haven't spent much time on multimedia and I'm new to streaming. Platform is Mandrake 10.1 with kernel held to 2.4. The sound card is working and I can record to file using sox. Ices and Icecast both start okay, and aren't logging any

On Tue, 2004-11-30 at 12:17 +0700, Matthew Hodgett wrote: > > As for the 169.254 issue I tried to search the archives but got nothing. > I then tried to search on generic words, nothing. I then tried some > really common words like ''help'', ''initiated'', ''masq'' - nothing. I think > the index might be corrupt because I get no

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to