similar to: Latest Snapshot Warhing

The 1.4.6 version of Shorewall makes additional demands on the shell. I have found that both the RH9.0 version of ash and the version of ash that has long been available from the Shorewall download sites are *not* suitable for use with Shorewall 1.4.6. The LEAF Bering version of ash on the other hand works fine. Attached is a small shell program that will allow you to test your shell for

I have just uploaded a new version of the 2.0.2b .lrp: http://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp ftp://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp This version already includes the normal LEAF changes that are present in the shorewall.lrp distributed with Bering and Bering-uClibc. Thanks to K.-P. Kirchdörfer, future versions of the .lrp will

This is from Sean Covel: -------------------------------------------------------------------------- parsefw is a C program to parse Shorewall (netfilter) logfiles and display them in a pretty format similar to the old ipchains format. Some text is added about certain well-known destination ports, and they are linked to a FIREWALL FAQ website for further explaination. The original parsefw.c was

The version of Shorewall in the \Shorewall CVS project has my next attempt at Fireparse integration. a) The LOGMARKER variable is gone and is replaced with LOGFORMAT b) LOGFORMAT contains a printf (1) formatting template that accepts three arguments: 1) The Chain Name 2) The Logging Rule Number within Chain 3) The disposition of the packet (DROP,REJECT,ACCEPT) c) To use Shorewall with

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. New Features: 1) A ''newnotsyn'' interface option has been added. This option may be specified in /etc/shorewall/interfaces and overrides the setting NEWNOTSYN=No for packets arriving on the

--On Friday, January 24, 2003 1:59 PM -0700 Steve Fink <stevef@netvantix.com> wrote: > On Fri, 2003-01-24 at 08:31, Tom Eastep wrote: >> >> >> --On Friday, January 24, 2003 8:20 AM -0700 Steve Fink >>> <stevef@netvantix.com> wrote: >>> >>> http://leaf.netvantix.com/012303/swstatus.txt >>> >> >> It looks like your

>That should work, *IF*: > >a) hda5 is a FAT12/16 filesystem; >b) hda5 is <= cyl 1024. > > -hpa I got thinking booting off a logical partition might not be allowed, so I changed the LEAF/Bering logical partition to a primary, hda4. Then I ran "syslinux d:" from a Win98SE DOS-box to (try to) initialize the partition's boot record. And added this from a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

I have been using the LEAF Bering firewall for a year or so. It boots with Syslinux 1.75. But Bering is too large for a 1440KB floppy, so it formats the diskette as 1680KB. Recently I found a small Compaq 2266 box to replace a larger Compaq 7170 to run the firewall. But when I try to boot the Bering diskette on the 2266 I get the following message: Loading Linux ............ Boot failed:

While I was doing come compatibility testing with various shells, I noticed the following: Using /bin/sh (which is ''bash'' on my RedHat installation): Shorewall Restarted real 0m21.246s user 0m9.650s sys 0m11.460s Using /bin/ash: Shorewall Restarted real 0m9.054s user 0m3.880s sys 0m5.070s The version of ash that I used is the one available from the

Hi, I''m trying let the windows clients behind my leaf ( bering rc4) talk through msn messenger. I found linux-igd.sourceforge.net that seems to be the missing piece... I used the ideas from www.wix.net.nz/LEAF/glibc.html to build a leaf cd using the redhat 7.3 glibc ( It''s alot easier to test applications because I can simply copy the binary ( and the .so) on the bering

On Mon, 2004-12-13 at 11:03 -0800, Tom Eastep wrote: > On Mon, 2004-12-13 at 10:45 -0800, Tom Eastep wrote: > > On Mon, 2004-12-13 at 13:43 -0500, M Lu wrote: > > > Tom, can he specify openvpn twice in the tunnel file, e.g. > > > > > > openvpn:udp:5000 > > > openvpn:udp:5001 > > > > > > I think I had the problems with that so I use

Changes since Beta 1: Problems Corrected: 1. Corrected a problem in Beta 1 where DNS names containing a "-" were mis-handled when they appeared in the DEST column of a rule. New Features: 1. The limit of 256 addresses for an address range has been removed. Shorewall now decomposes the range into an optimal set of network/host addresses (see also the

I''m pleased to announce that Shorewall 3.4.0 Beta 1 is available at ftp://shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1 and at mirror sites world wide. The release notes can be viewed at ftp://shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/releasenotes.txt Release Highlights 1) Shorewall can now be taylored to reduce its footprint on embedded

After gaining some experience with the new release model, it has become apparent to me that a small adjustment is warrented. I previously announced that updates to the stable release would only contain bug fixes. I''m modifying that slightly to allow for small low-risk enhancements; large and/or risky enhancements will still be restricted to the development release. We have seen this

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following..

--On Wednesday, January 15, 2003 8:57 AM +0000 Julian Church <jc@ljchurch.co.uk> wrote: > Tom > > There''s no reason you should let a complete stranger question your better > judgement, but weren''t you supposed to be taking a break from all of this? > The problem I am having is "Now what do I do with myself in the early mornings and evenings?":

If you encounter strange problems with 2.1.2 and are using a shell other than bash, you might try installing the ''functions'' file from CVS Shorewall2/. It corrects a problem that I ran into with ''ash''. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net