similar to: Shorewall 1.4.7 RC2

I''m beginning to think again about what will be different in 2.0. Here are some thoughts. a) User-defined actions will be emphasized. - A library of actions will be available with names such as: AcceptSSH AcceptDNS DropWindows (drops all SMB noise) DropBroadcasts (Silently drop all Broadcast traffic) ... The possibilities are nearly endless but should

Shorewall 1.4.7 is now available at: http://shorewall.net/pub/shorewall/shorewall-1.4.7 ftp://shorewall.net/pub/shorewall/shorewall-1.4.7 It will be available at your favorite mirror shortly. The release notes are attached. As always, many thanks go to Francesca Smith for updating the sample configurations for this release. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently

I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net

Greetings to all of the Shorewall community! We''d like to find out a little more about the environments in which Shorewall runs, and to this end i''ve created a survey. It is mostly designed to allow Shorewall users to see how their environment compares with that of the average Shorewall user (if such a thing exists!), but the results may be used by the Shorewall team to assist

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Shorewall 2.0.0 is now in Beta so this is a good time to begin thinking about preparing to migrate to the 2.0 Shorewall series. Shorewall 2.0 makes a number of incompatible changes in the configuration files. Luckily, you will be able to make changes ahead of time to your 1.4 configuration that will ease the migration when the time comes. a) Shorewall 2.0 doesn''t allow you to specify

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Hello, I leave for a couple days .. (Well months) and look at what has happened. :-) I would throw my support in behind Xoops .. to be honest .. If a portal is what we are trying to achieve here. I just happen to think that sometimes .. More work goes into web design etc than goes into actual Code. But thats because I am a lamer at web design :-) I am coming in here a bit late .. But tell

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to

The params file appears to be simply "sourced" by the firewall script, which means one can put any Bourne shell code into it and it will execute it. This feature isn''t documented, so I''m wondering if it can be documented and thus guaranteed to always work. I''d like to dig out the IP parameters of my interface cards from the ifcfg-eth? files and set shorewall

As 2.2.0 is nearing release, I''ve begun to think about what I''ll do for 2.3 and I think that it is time for Shorewall to add support for IPV6. Because of parsing ambiguities, the need to maintain upward compatibility with both Shorewall and 6Wall, and different available functionality in IPV4 and IPV6 Netfilter, I believe that it is going to be necessary for some files to be

Hi, I''ve a little problem, I hope so.. First a hint, I haven''t a static IP - Adress and so I used a dyndns Provider. In DMZ runs a sftp server. It should accessible from net. My router is forwarding the traffic from port 22 to the machine in DMZ. Now, in basic installation I have rfc1918-dropping configured by net interface. My problem: If rfc1918 dropping is on I

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

Andy Wiggin has contribued a Python program that reads http://www.iana.org/assignments/ipv4-address-space and creates a list of reserved subnets suitable for inclusion in /etc/shorewall/rfc1918. The list produced by Andy''s program will be included in the rfc1918 file included in version 1.3.2 (it''s available now from CVS). Thanks Andy! -Tom -- Tom Eastep \ Shorewall -

Hi Folks, Can i transform my firewall into a bridge (Mean Nic to Nic), in the ethernet level (Not protocal, Ip''s etc) and also use shorewall ? Than make a Layer 2 Switch with netfilter rules to all Ip''s in my network ? I have 4 whole real classes and want to protect the people inside. With proxyarp works but sometimes fail (People loose connection etc) Just with switchs and my

Is my RFC1918 file obsolete? I have been assigned an ip in the 83.0.0.0/8 range, and of cource a lot of Shorewall systems drop me with a RFC1918 error. So, is my ISP actually giving me a RFC1918 IP, or am I missing something? .

Anyone know how/where we can get some? It has been raised before: http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013594.html I''d like to see an IRC or Jabber service for both support and development. -- Paul <http://paulgear.webhop.net> -- Did you know? OpenOffice.org has built-in PDF creation. Better yet, it''s compatible with Microsoft Office, and

Hello, Usually when i''ve a hole to poke through firewalls, i have many hosts to update : workstation firewall, lan firewall, the other lan firewall, and the server behind the last firewall. all of them are managed with shorewall... Is there a smart way to update them all at once ? What you guys do on your firewalls ? thanks. -- xavier