similar to: Shorewall 1.4.4a

Given that there are new features and there are external changes to get around the Fireparse fiasco, I have called this release 1.4.4 rather than 1.4.3b. Problems Corrected: None. New Features: 1) A REDIRECT-rule target has been added. This target behaves for REDIRECT in the same was as DNAT-does for DNAT in that the Netfilter nat table REDIRECT rule is added but not the companion

The version of Shorewall in the \Shorewall CVS project has my next attempt at Fireparse integration. a) The LOGMARKER variable is gone and is replaced with LOGFORMAT b) LOGFORMAT contains a printf (1) formatting template that accepts three arguments: 1) The Chain Name 2) The Logging Rule Number within Chain 3) The disposition of the packet (DROP,REJECT,ACCEPT) c) To use Shorewall with

Problems Corrected: 1) There were several cases where Shorewall would fail to remove a temporary directory from /tmp. These cases have been corrected. 2) The rules for allowing all traffic via the loopback interface have been moved to before the rule that drops status=INVALID packets. This insures that all loopback traffic is allowed even if Netfilter connection tracking is confused.

A fix is available at http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.5 If white space is included in LOGFORMAT then a startup error results. Either: a) Replace /usr/share/shorewall/compiler and /usr/share/shorewall/functions with the ''compiler'' and ''functions'' files from the errata/Shorewall/ sub-directory. b) Patch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.10 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.10 New Features: 1) Using the default LOGFORMAT, chain names longer than 11 characters (such as in user-defined actions) may result in log prefix truncation. A new shorewall.conf action LOGTAGONLY has been added to deal with this

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 Nothing Earth-shattering here and there is no reason to upgrade if you are not seeing one of the corrected problems. - ----------------------------------------------------------------------- Problems corrected in version 2.0.10 1) The

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

I found a minor problem in new logging system. New logging system limits zone-names effectively to 4 characters. If you have REJECT policy between 2 zones which have 5 characters long, here example ipsec zone, I iptables will give error because logprefix is limited to 29 characters. --log-prefix "Shorewall:ipsec2ipsec:1:REJECT:" So zone names should be limited to 4 characters or

Plus I would like to let you know that it works like a charm. Snort can now see those packets. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Thibodeau, Jamie L. Sent: Wednesday, March 30, 2005 9:25 AM To: Mailing List for Shorewall Users Subject: RE: [Shorewall-users] Shorewall and an inline

Thanks for such a quick reply Tom! Any suggestions then as to what I might do other than putting a second nic in the SBS and opening it up for web access? I don''t like the idea, but since MS SBS includes fireall that is actually what MS suggests. Boyd -----Original Message----- From: Tom Eastep [mailto:teastep@shorewall.net] Sent: January 3, 2005 3:05 PM To: Shorewall Users Cc: Boyd

Did I just read completely past this or is this an undocumented feature? Either way, thanks. BTW for my first attempt at a Linux firewall, this proved to be a challenge, but worth it. And most of the problems I''ve had are I/O (idiot operator) errors. Keep up the good work. Kev --- Message: 10 Date: Mon, 24 Feb 2003 06:20:00 -0800 From: Tom Eastep <teastep@shorewall.net> Subject:

The Shorewall project at sourceforge has been upgraded to Allura. If you have a copy of the git repository, you need to check out a fresh copy from the new locations: git clone ssh://teastep@git.code.sf.net/p/shorewall/code shorewall git clone ssh://teastep@git.code.sf.net/p/shorewall/release release git clone ssh://teastep@git.code.sf.net/p/shorewall/tools tools git clone

------------ Forwarded Message ------------ Date: Wednesday, January 29, 2003 9:27 AM +0100 From: Matthias Klose <doko@cs.tu-berlin.de> To: Tom Eastep <teastep@shorewall.net> Subject: shorewall on gibraltar Just a note, that gibraltar (www.gibraltar.at) now includes shorewall as an option (currently an 1.3.12 version). Gibraltar is a project that aims to produce a Debian

You are awesome!!!! -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Wednesday, March 30, 2005 9:11 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inlineorhogwash) Tom Eastep wrote: > Thibodeau, Jamie L. wrote: >

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7 Problems Corrected: 1. The "shorewall add" and "shorewall delete" commands now work in a bridged environment. The syntax is: shorewall add <interface>[:<port>]:<address> <zone>

Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2. If A is a user-defined action and you have file /etc/shorewall/A

This update will be of interest to you if you use dynamic zones or if you have an /etc/shorewall/start file and use the ''save'' command. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.12 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.12 Problems Corrected: 1. A typo in shorewall.conf (NETNOTSYN) has been corrected. 2. The "shorewall add" and