similar to: Shorewall Support

This is a bug-fix roll-up. Problems corrected since 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when

quick background: RH9 (2.4.20-19.9) Shorewall 1.4.6a-1 ulogd 1.00 Shorewall is working properly. I''ve followed the FAQ instructions and everything appears to be setup correctly. The problem is that I''m trying to get ulog going...but I''m getting: # service ulogd status ulogd dead but subsys locked I''m not sure if I was suppose to, but I also manually created

Hi Tom and list, Still trying to set up Shorewall logging. I understand that Shorewall require syslog to get logging working, however I have metalog. Is this possible to use metalog as logging facility for Shorewall? I was reading http://www.shorewall.net/shorewall_logging.html and it describes other method ( ULOG ). I understand that I have to compile ULOG support in the kernel... where do I

Hello Everyone, This morning I received a personal email from a recent poster asking "Why is Mr. Eastep so mean?". The post went on to explain that I had responded abruptly to the person''s request for help and asked why I wasn''t more helpful to people attempting to understand something new. Good question. Over the last nine months, I have been struggling to deal with

It is with regret that I announce that Shorewall development and support is officially ended. Sean''s post has finally driven it home to me that in the long term, trying to support a project like Shorewall is impossible for a person of my personality and age. Sean -- please believe that this isn''t about you or your post -- your post was just the proverbial straw on this old

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

Hello - I am not a subscriber to the mailing, please email me with help at mfabache@yahoo.com My shorewall (v2.0.1) has been working wonderful for the past year. I just added my Vonage and cannot get the Phone Adapter to sync up (2 blinks (looking for IP)) All I have done is run an ethernet cable from the WAN outlet on the phone adapter to a lan port on the router. After googling, I found

Although the parameterized samples have allowed people to get a firewall up and running quickly, they have unfortunately set the wrong level of expectation among those who have used them. I am therefore withdrawing support for the samples and I am recommending that they not be used in new Shorewall installations. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \

2005/5/27, Paul Gear <paul@gear.dyndns.org>: > > I think a champion for the samples is just what we need right now. Tom > carried so much of shorewall completely on his own, but we can''t afford > to do that. We need each person to take responsibility in one > particular area, and then get in and *do* it. The samples are there in > CVS now

That could have gone smoother. I had many problems with the NFS install on my firewall then once I got the server back up, mail delivery was broken :- ( I still haven''t gotten ulogd to run under RH9.0 but everything else seems to be working ok... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

Evening all, First: Obligatory thanks to Tom. Shorewall is GREAT! I''ve got it on 3 machines now and love it. (Just because they are obligatory does not mean they are not heart-felt.) On my main web server, I am constantly scanning my log files for worm-signs. Requests for default.ida, any .exe, there are several others, you probably have your favorite. I got tired of doing it by hand

Hi, 1. We have 20+ VLANs behind shorewall firewall. We would like to distribute the Internet bandwidth to different VLANs having minimumm, typical and maximum values based on IP ranges after NAT e.g., 172.17.4.0/24. What rules need to be created to do so? 2. We also would like to time the access of internet of some of the VLANs, i.e., 172.17.4.0/24 should be allowed to access the internet only

Hi! Shorewall Users May I know ..what does it means ? Nov 5 12:43:34 netgw kernel: Shorewall:newnotsyn:DROP:IN=eth0 OUT= MAC=00:05:5d:4e:fc:62:00:d0:95:7a:d5:f1:08:00 SRC=210.59.230.239 DST=211.24.146.50 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=36787 PROTO=TCP SPT=80 DPT=20291 WINDOW=65160 RES=0x00 ACK FIN URGP=0 Best Regards, Support

Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a completely different network . That means the gateway of the External interface and the hosts in ProxyARPed DMZ zones are in different network. eth0 ---in 220.227.X.Y/30 -- shorewall external interface eth1 ---in 220.227.A.B/27 -- shorewall

Lorenzo Martignoni at Univesita` degli Studi di Milano in Milan has established a mirror of the Shorewall web site. http://italy.shorewall.net http://cert-it.dico.unimi.it/shorewall Thanks Lorenzo! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

I''m re-reading the section on dns names in the shorewall docs: "I personally recommend strongly against using DNS names in Shorewall configuration files. If you use DNS names and you are called out of bed at 2:00AM because Shorewall won''t start as a result of DNS problems then don''t say that you were not forewarned." Having been stung by this a few times

Hi! I installed shorewall shorewall-2.1.7-1 on a newly installed box. When using 1.4 versions I could enable shorewall in ntsysv, now shorewall doesn''t show up in ntsysv? I am running shorewall on a RedHat Enterprise Linux rebuild (www.taolinux.org). Is this a bug or a feature?

why say: Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Not available not available ? modules is loaded. or for rule = 0 ? TC_ENABLE=Yes say Error: Traffic Control requires Mangle

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The