similar to: Shorewall 1.4.4

The version of Shorewall in the \Shorewall CVS project has my next attempt at Fireparse integration. a) The LOGMARKER variable is gone and is replaced with LOGFORMAT b) LOGFORMAT contains a printf (1) formatting template that accepts three arguments: 1) The Chain Name 2) The Logging Rule Number within Chain 3) The disposition of the packet (DROP,REJECT,ACCEPT) c) To use Shorewall with

The Fireparse --log-prefix fiasco continues. Version 1.4.4a omits the logging rule number if the LOGFORMAT value does not contain ''%d''. The default value of LOGFORMAT is then changed to "Shorewall:%s:%s:" so that the maximum length of a short zone name is once again back at 5. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \

Problems Corrected: 1) There were several cases where Shorewall would fail to remove a temporary directory from /tmp. These cases have been corrected. 2) The rules for allowing all traffic via the loopback interface have been moved to before the rule that drops status=INVALID packets. This insures that all loopback traffic is allowed even if Netfilter connection tracking is confused.

I found a minor problem in new logging system. New logging system limits zone-names effectively to 4 characters. If you have REJECT policy between 2 zones which have 5 characters long, here example ipsec zone, I iptables will give error because logprefix is limited to 29 characters. --log-prefix "Shorewall:ipsec2ipsec:1:REJECT:" So zone names should be limited to 4 characters or

Dear All, After installing Shorewall, on a router with 4 NIC, seems running ok. Next day, when connecting from clients, (MS) we keep getting ip conflict for non-conflicting ip addresses. Any help is appreciated. Detals of Startup: + shift + nolock= + ''['' 1 -gt 1 '']'' + trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start +

A fix is available at http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5 If white space is included in LOGFORMAT then a startup error results. Either: a) Replace /usr/share/shorewall/compiler and /usr/share/shorewall/functions with the ''compiler'' and ''functions'' files from the errata/Shorewall/ sub-directory. b) Patch

Just some stuff that was laying around in CVS: 1. Added ''DNAT-'' target. 2. Print policies in ''check'' command. 3. Added CLEAR_TC option. 4. Added SHARED_DIR option. [teastep@wookie Shorewall]$ cat releasenotes.txt This is a minor release of Shorewall that has a couple of new features. New features include: 1) A new ''DNAT-'' action has been

Beta 1 is now available at: http://shorewall.net/pub/shorewall/testing ftp://shorewall.net/pub/shorewall/testing This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) Where a list of IP addresses appears in the DEST column of a

I am puzzled. I started setting up a new box last week with Linux 2.6.10. Everything was working fine until I went to start shorewall, when all network traffic stopped. I have little doubt that it is because I missed something in configuring the machine. I''m running shorewall 2.2 and the zone, policy, and rules files are cut and paste from a machine that has been running for over a

Shorewall 1.4.6 is now available. Thanks to Francesca Smith, the 1.4.6 Sample configurations are also available. The release is currently available at: http://shorewall.net/pub/shorewall ftp://shorewall.net/pub/shorewall It will be available at the other mirrors shortly. This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered

Hi all, I have a strange problem in trying to install a transparent proxy (in my internal net not on the shorewall server) according to the instructions as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local My Network looks the following: Internal Net: 10.0.0.0/24 Squid Server listening on port 3128 (ip 10.0.0.152, DNS name server01) | |

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

I have a dsl modem and two static IP addresses: 66.17.65.22 and 66.17.65.161. I am using the standard configuration from the Shorewall Setup Guide for multiple IP addresses and modifications suggested by the Aliased Interfaces Guide. I want to set up a shorewall 2.08 router for my home (Fedora Core 2 / kernel 2.6.8-1.521). I want share an internet connection with some pc''son a local

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.10 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.10 New Features: 1) Using the default LOGFORMAT, chain names longer than 11 characters (such as in user-defined actions) may result in log prefix truncation. A new shorewall.conf action LOGTAGONLY has been added to deal with this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 Nothing Earth-shattering here and there is no reason to upgrade if you are not seeing one of the corrected problems. - ----------------------------------------------------------------------- Problems corrected in version 2.0.10 1) The

I''v don all the work that was shown on the installation documentaion but It still can''t send PASV comands and ares up the is their somthing i''m missing from the Rules. ### # Shorewall version 1.3 - Rules File # # /etc/shorewall/rules REJECT:info loc net tcp 6667,137,138,139 REJECT:info loc net udp 137,138,139 #REDIRECT

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

Hi all in the ShoreWall community, [please CC me since I''m not on the list] I had been using FIAIF for a little while, and the setup of ShoreWall has been much easier, the config for each operation in one place, and I''m very happy with it. That said, it looks like one of the concepts could be taken a bit further. In this case, it is actions. To get the process started, I