similar to: Warning of upcoming removal of ''logunclean'' and ''dropunclean'' interface options.

The current Shorewall release model has the following characteristics: a) The last two major releases are supported. b) Only the latest major release is actively developed. c) Bug fixes are available for the prior major release but only against the last minor release. d) The last major release is advertised as the "Current Release". I''m thinking of switching to a model that

Hi, all: This is just a note and suggestion, not a question; but I really like this system and thought it might be useful to others so I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

If any of you have been so bold as to install the Shorewall CA Certificate in your browser(s), the current certificate will expire on 11/13. There is a new 10-year certificate available for installation at: http://lists.shorewall.net/Shorewall_CA_html.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

Thank you for your support. The next question: Is there a kind of common chain applied before ACCEPT policy? I want to DROP or REJECT Netbios traffic on most interfaces but do not want to repeat those rules in the rules file. Thanks, Boi -----Th?ng ?i?p chuy?n ti?p----- > From: Tom Eastep <tmeastep@hotmail.com> > To: Le.Hong.Boi@sg.netnam.vn > Subject: Re: Shorewall 1.4.6: common

Hello, If I set my network interface to have "logunclean" along with "dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to http://welcome.hp.com/country/us/eng/support.htm and choose any of the product I get this. logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=14025

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

I am a new user of shorewall, and am having some difficulty getting it set up on a new Fedora Core 3 system. When I run the shorewall script in the /etc/init.d the following errror message is received. tarting shorewall: ./shorewall: line 26: 10555 Terminated $exec start >/dev/null 2>&1 [FAILED]

Hi, I am running Gentoo 1.4, with the 2.4.19 vanilla kernel, and merged shorewall-1.3.9b. I have dropunclean set on eth0 in /etc/shorewall/interfaces. I double checked that I compiled "Unclean match support (EXPERIMENTAL)" into the kernel, but I still get "modprobe: Can''t locate module ipt_unclean" logged when I run ''shorewall status''. Does it

I don''t know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn''t. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat''s FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a

Hi every body. I'm having difficulties to setup my filters correctly and I really need some help. This is my environment: Mail that is received on the system passes through a sieve_before script that checks the message header for SPAM tag and store it into the "Junk" folder. If no spam tag is found, mail goes to inbox. My horde webmail is integrated with sieve, so this allow

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command.

Quoting Robert Schetterer <rs at sys4.de>: > Am 12.09.2016 um 15:07 schrieb Andre Luiz Paiz: >> Hi everybody. I'm having difficulties to setup my filters correctly and >> I really need some help. >> >> This is my environment: >> >> Mail that is received on the system passes through a sieve_before script >> that checks the message header for

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

Dear group members. I work with Dovecot and Openldap authentication. Sometimes users change departments and we need to alter their homedir location. Every time this process is needed, I perform this steps: 1 - Change homedir location in openldap 2 - Move homedir folder to the new location 3 - Re-apply permissions 4 - Remove user index folder After I do that, users cannot authenticate unless

This is a roll up of the following fixes: * There is an updated rfc1918 file that reflects the resent allocation of 222.0.0.0/8 and 223.0.0.0/8. * The documentation for the routestopped file claimed that a comma-separated list could appear in the second column while the code only supported a single host or network address. * Log messages produced by ''logunclean'',

Another bug with similar symptoms to the last one has been found by Renato Tirol. The bug fixed by the earlier errata update affects the following options: dhcp dropunclean logunclean norfc1918 routefilter multi filterping noping The bug reported by Renato and fixed in the current errata update affects: routestopped The new update is available at:

Shorewall 2.0.0 is now in Beta so this is a good time to begin thinking about preparing to migrate to the 2.0 Shorewall series. Shorewall 2.0 makes a number of incompatible changes in the configuration files. Luckily, you will be able to make changes ahead of time to your 1.4 configuration that will ease the migration when the time comes. a) Shorewall 2.0 doesn''t allow you to specify

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and