similar to: New article about Actions

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta3 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta3 Problems Corrected: 1. Missing ''#'' in the rfc1918 file has been corrected. 2. The INSTALL file now includes special instructions for Slackware users. New Features: 1. In CLASSIFY rules

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m hoping that this will be the last RC and that I can release 2.2.0 on February 1. I appreciate your help in testing this RC. http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 Problems Corrected: 1. The AllowTrcrt action has been changed to allow up to 30

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have hacked together some sample configurations for 2.2.0. You can find them at: http://shorewall.net/pub/shorewall/Samples/samples-2.2.0 ftp://shorewall.net/pub/shorewall/Samples/samples-2.2.0 - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, I will be rebuilding my server. I expect the project to take most of the day. I will begin around 7AM PST (-0800). The server hosts the following sites: www1.shorewall.net (a.k.a. shorewall.net) ftp1.shorewall.net lists.shorewall.net rsync.shorewall.net Sorry for the inconvenience. - -Tom - -- Tom Eastep \ Nothing is foolproof

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To reflect recent allocations by the IANA, the following files are available: For Shorewall 2.0.0b and earlier: http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 ftp://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 For Shorewall 2.0.1 and later: http://shorewall.net/pub/shorewall/errata/2.0.10/bogons

This article discusses how VPN and Netfilter interace and enumerates the rules that entries in the /etc/shorewall/tunnels file generate. http://shorewall.net/VPNBasics.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve written an article that describes the cause of some of the more frequently seen error and warning messages generated by Shorewall. You may find the article at http://shorewall.net/ErrorMessages.html. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

Please see http://shorewall.net/PacketHandling.html. It details the flow of a packet through a Shorwall-generated firewall. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Ian has proposed that we change the way that logging interacts with defined actions. Currently, if logging is specified on the invocation of an action (e.g., "AllowFTP:info all all"), all traffic sent to the AllowFTP chain is logged. In most cases, this isn''t what the user intended and other people have expressed surprise about this behavior in the past. The way I see this

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

I managed to inadvertently purge my ''Shorewall'' email folder recently :-( so I''m unable to reply directly to Ian''s last post on this subject. One of the complicating aspects of actions is that an action can (and often does) invoke other actions. The current algorithm for processing actions is: a) read /etc/shorewall/actions and /usr/share/shorewall/actions.std

Thanks for such a quick reply Tom! Any suggestions then as to what I might do other than putting a second nic in the SBS and opening it up for web access? I don''t like the idea, but since MS SBS includes fireall that is actually what MS suggests. Boyd -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: January 3, 2005 3:05 PM To: Shorewall Users Cc: Boyd

FYI -- A small blurb on page 45. -------- Original Message -------- Subject: Shorewall in (IN)SECURE Magazine Date: Tue, 16 Aug 2005 00:10:51 +0200 From: Mirko Zorz <mirko.zorz@net-security.org> To: teastep@shorewall.net Hello Tom, I thought you would be interested to know that Shorewall has been featured in the Software Spotlight section of the third issue of (IN)SECURE, a free security

Hi Tom, Many thanks for that, that''s really helped. Netfilter is indeed dropping the packets as invalid. Thanks and regards, Frances -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: 23 March 2007 18:05 To: Shorewall Users Subject: Re: [Shorewall-users] Expected handling of [SYN] when expecting[SYN, ACK]? Frances Flood wrote: > Basically, if the