similar to: The saga continues

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

10/30/2003 - Shorewall 1.4.8 RC1 Given the small number of new features and the relatively few lines of code that were changed, there will be no Beta for 1.4.8. I am particularly interested in people testing: a) The interface to ''ftwall'' b) Handling of <zone>_frwd chains (those of you who had problems with 1.4.7b or that have reported extra rules in these chains).

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

This is a bugfix roll up of the following: 1) Tuomo Soini has supplied a correction to a problem that occurs using some versions of ''ash''. The symptom is that "shorewall start" fails with: local: --limit: bad variable name iptables v1.2.8: Couldn''t load match `-j'':/lib/iptables/libipt_-j.so: cannot open shared object file: No such

This fixes the problem in 1.4.7a where <zone>_frwd chains are missing required rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

Currently at: http://shorewall.net/pub/shorewall/shorewall-1.4.8 ftp://shorewall.net/pub/shorewall/shorewall-1.4.8 Coming soon to a mirror near you. This is a minor release of Shorewall. Problems Corrected since version 1.4.7: 1) Tuomo Soini has supplied a correction to a problem that occurs using some versions of ''ash''. The symptom is that "shorewall start"

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

"Dark Ryder" has reported a bug in Shorewall 1.4.7; this bug is also present in Shorewall 1.4.8. The effect of the bug is that in DNAT rules that specify SNAT, the SNAT address can be effectively ignored in some cases. I have created corrected versions of the ''firewall'' script for both 1.4.7 (based on 1.4.7c) and 1.4.8; these corrections may be downloaded from the

On Tue, 2003-10-28 at 13:41, AdStar wrote: > Hi Tom, > > I''ve upgraded my firewall to 1.4.7c (and copied the firewall/functions from > the CVS over for the accounting names) > > I still get this reject in my logs. > Oct 29 08:35:08 pyro Shorewall:FORWARD:REJECT: IN=eth1 OUT=eth1 > MAC=00:02:b3:61:64:6e:00:02:b3:5f:c3:5c:08:00 SRC=10.0.100.11 DST=10.0.100.10 >

This release back-ports the DROPINVALID shorewall.conf option from 2.2.0. 1) Recent 2.6 kernels include code that evaluates TCP packets based on TCP Window analysis. This can cause packets that were previously classified as NEW or ESTABLISHED to be classified as INVALID. The new kernel code can be disabled by including this command in your /etc/shorewall/init file: echo 1

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8 Problems Corrected: 1. A typo in the /etc/shorewall/interfaces file has been corrected. 2. Previously, the "add" and "delete" commands were generating incorrect policy matches when policy match support was available. New

In the Shorewall/ CVS project: Problems Corrected: 1) There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" in the documentation and configuration files. 2) The description of NEWNOTSYN in

Thanks for such a quick reply Tom! Any suggestions then as to what I might do other than putting a second nic in the SBS and opening it up for web access? I don''t like the idea, but since MS SBS includes fireall that is actually what MS suggests. Boyd -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: January 3, 2005 3:05 PM To: Shorewall Users Cc: Boyd

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.8: 1) There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" in the documentation and

In policy $FW Net ACCEPT Dump.rar join THX -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > >

Plus I would like to let you know that it works like a charm. Snort can now see those packets. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Thibodeau, Jamie L. Sent: Wednesday, March 30, 2005 9:25 AM To: Mailing List for Shorewall Users Subject: RE: [Shorewall-users] Shorewall and an inline

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall