similar to: Shorewall 1.4.3

The version of Shorewall in the \Shorewall CVS project has my next attempt at Fireparse integration. a) The LOGMARKER variable is gone and is replaced with LOGFORMAT b) LOGFORMAT contains a printf (1) formatting template that accepts three arguments: 1) The Chain Name 2) The Logging Rule Number within Chain 3) The disposition of the packet (DROP,REJECT,ACCEPT) c) To use Shorewall with

Given that there are new features and there are external changes to get around the Fireparse fiasco, I have called this release 1.4.4 rather than 1.4.3b. Problems Corrected: None. New Features: 1) A REDIRECT-rule target has been added. This target behaves for REDIRECT in the same was as DNAT-does for DNAT in that the Netfilter nat table REDIRECT rule is added but not the companion

This release just rolls up the fixes for the few problems that have surfaced in the first two to three weeks of Shorewall 2.2 availability. If 2.2.0 is working ok for you, there is no reason to upgrade. So far I''ve been very pleased with the stability of the 2.2 release and attribute much of that to the new release model. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.1

The Fireparse --log-prefix fiasco continues. Version 1.4.4a omits the logging rule number if the LOGFORMAT value does not contain ''%d''. The default value of LOGFORMAT is then changed to "Shorewall:%s:%s:" so that the maximum length of a short zone name is once again back at 5. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \

The first public Beta of Shorewall 1.3.12 is now available: New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the trace rather than up in the middle of it. 3) "shorewall

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

I''ve opened up development of Shorewall 4.1. While I had previously announced that Shorewall 4.1 would focus on IPv6, I have since learned that the netfilter team are developing ''xtables'', a unified IP0v4/IPv6 utility. It seems silly to spend the effort to add Shorewall support for IPv6 only to then have to turn around and convert it to use xtables. So I''ve

--==========1943392778========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Here''s another little patch that corrects a couple of silly mistakes. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net --==========1943392778==========

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

Anywhere that a syslog level can appear, you can now specify ULOG (must be upper case) and logging will occur to the ulog target. You can download ulogd from http://www.gnumonks.org/projects/ulogd. Only the ''firewall'' file is required. None of the comments in the other config files are updated yet but I''m working on it. -Tom -- Tom Eastep \ Shorewall - iptables

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 Problems Corrected: 1) IP ranges in the routestopped and tunnels files now work. 2) Rules where an IP range appears in both the source and destination ~ now work correctly. 3) With complex proxy arp configurations involving two or

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 See if this change to proxy arp is more palatable. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the trace rather than up in the middle of it. 3) "shorewall [re]start" has been speeded up by more than 40% with my

http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 New Features: 1. Previously, when rate-limiting was specified in /etc/shorewall/policy (LIMIT:BURST column), any traffic which exceeded the specified rate was silently dropped. Now, if a log level is given in the entry (LEVEL column) then drops are logged

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 Nothing Earth-shattering here and there is no reason to upgrade if you are not seeing one of the corrected problems. - ----------------------------------------------------------------------- Problems corrected in version 2.0.10 1) The

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

Hello, I tried Shorewall for the first time today. I am currently using an up-to-date installation of Debian Sid, which has shorewall 4.2.10, shorewall-shell 4.2.10 and shorewall-perl 4.2.10.1. I noticed that even though I had the following /etc/shorewall/policy file, iptables would still show LOG rules at the end of the INPUT and OUTPUT chains instead of ULOG rules. (Other logging related rules

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

A number of you are flailing around trying to get the subject combination to work. You should all be aware that there are parts of this that don''t currently work and that won''t work well until there are enhancements made to Shorewall (and probably to Netfilter). I. There is no clean way currently to support Road Warriors from a Masquerading Netfilter firewall/gateway. As

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The