similar to: Shorewall 1.4.7 Beta 2

Shorewall 1.4.7 is now available at: http://shorewall.net/pub/shorewall/shorewall-1.4.7 ftp://shorewall.net/pub/shorewall/shorewall-1.4.7 It will be available at your favorite mirror shortly. The release notes are attached. As always, many thanks go to Francesca Smith for updating the sample configurations for this release. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently

Beta 1 is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Features include: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

This fixes a problem discovered by Antonio Pallua. If ADD_SNAT_ALIASES=Yes, then the following entry in /etc/shorewall/masq generates a startup error: eth0 eth1 212.103.200.20-212.103.200.24 The problem also exists in 1.4.7 Beta 1 -- the ''firewall'' and ''functions'' scripts in CVS correct the problem in that version and I will include the fix in

My new DSL line came complete with a new Modem that is configured/monitored from a web browser. That inspired me to add a couple of new features to to the masq file which you can find in 2.1.1 (see attached release notes, New Feature 2). The modem has IP address 192.168.1.1 and is connected to eth0. My local network is 192.168.1.0/24 and is connected to eth2 which has IP address

Beta 1 is now available at: http://shorewall.net/pub/shorewall/testing ftp://shorewall.net/pub/shorewall/testing This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) Where a list of IP addresses appears in the DEST column of a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 Problems Corrected: 1) IP ranges in the routestopped and tunnels files now work. 2) Rules where an IP range appears in both the source and destination ~ now work correctly. 3) With complex proxy arp configurations involving two or

http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ ftp://ftp1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ Coming soon to a Mirror near you. Problems corrected in 3.0.6 1) A typo in the output of "help drop" has been corrected. 2) Previously, ''shorewall start'' would fail in the presence of a network interface named ''inet''. 3)

I failed to save the changelog before creating the snapshot -- here it is: Changes since 1.4.5 1) Worked around RH7.3 "service" anomaly. 2) Implemented ''newnotsyn'' interface option. 3) Document range in masq ADDRESS column and suppress ADD_SNAT_ALIASES behavior in that case. 4) Enable ADD_SNAT_ALIASES=Yes for SNAT ranges. 5) Allow Shorewall to add aliases to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

Shorewall 1.4.6 is now available. Thanks to Francesca Smith, the 1.4.6 Sample configurations are also available. The release is currently available at: http://shorewall.net/pub/shorewall ftp://shorewall.net/pub/shorewall It will be available at the other mirrors shortly. This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

David wrote: In the future, please send your problem report to the Shorewall Users list. If you are paranoid about posting your configuration to the list, you can send the dump OUTPUT to support@shorewall.net. > I recently installed Engarde Secure Linux, version 3.0.18.i868, on an HP > Pavilion 523n desktop PC. Has an AMD Athlon 2200+ processor. Nothing > else is installed on the

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta4 Problems Corrected: 1. A cut and paste error resulted in some nonsense in the description of the IPSEC column in /etc/shorewall/masq. 2. A typo in /etc/shorewall/rules has been corrected. 3. The bogons file has been updated. 4. The

Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. New Features: 1) A ''newnotsyn'' interface option has been added. This option may be specified in /etc/shorewall/interfaces and overrides the setting NEWNOTSYN=No for packets arriving on the

Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. New Features: 1) A ''newnotsyn'' interface option has been added. This option may be specified in /etc/shorewall/interfaces and overrides the setting NEWNOTSYN=No for packets arriving on the

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) A problem introduced in earlier snapshots has been corrected. This problem caused incorrect netfilter rules to be created when the destination zone in a rule was qualified by an address in CIDR format.

I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 New Features: 1. A listing of loaded iptables kernel modules is now included in the output of "shorewall status". Problems Corrected. 1. Several problems associated with processing the IPSEC column in /etc/shorewall/masq have been corrected. -Tom --