Displaying 20 results from an estimated 5000 matches similar to: "Proposed Shorewall 1.4.0 Content"
2003 Feb 21
0
Shorewall 1.4.0 Beta 1
The first 1.4.0 Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2. Interface names of the form
2003 Mar 05
3
Shorewall 1.4.0 RC1
The first release candidate is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
The only change between Beta 1 and RC1 is that the ''check'' command is back
in RC1.
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4
2003 Feb 27
6
Shorewall 1.4.0 Beta 2
The second Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The ''check'' command is no longer supported.
2) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2003 Jan 25
0
Shorewall 1.3.14 Beta 1
Beta 1 is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Features include:
1) An OLD_PING_HANDLING option has been added to shorewall.conf. When
set to Yes, Shorewall ping handling is as it has always been (see
http://www.shorewall.net/ping.html).
When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and
2003 Feb 08
1
Shorewall 1.3.14
Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for
helping with updating the sample configurations.
New in 1.3.14:
1) An OLD_PING_HANDLING option has been added to shorewall.conf. When
set to Yes, Shorewall ping handling is as it has always been (see
http://www.shorewall.net/ping.html).
When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and
2003 Jan 29
0
Thoughts on Shorewall 2.0
I''ve begun to think about 2.0. I would like to hear any ideas about what
you would like to see included. Before I decide what new things will be
implemented though, I want to nail down what WON''T be included. Here is my
list:
a) Old Ping Handling. There won''t be any ''noping'' or ''forwardping''
interface options and there
2005 Apr 07
4
Shorewall 2.2.3
http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3
ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3
Problems Corrected:
1) If a zone is defined in /etc/shorewall/hosts using
<interface>:!<network> in the HOSTS column then startup errors occur
on "shorewall [re]start".
2) Previously, if "shorewall status" was run on a system whose kernel
lacked
2002 Dec 22
2
maclist option -> sorry good ver.
Setting up MAC Verification on eth0...
Error: Interface eth0 must be up before Shorewall can start
my :
/etc/shorewall/shorewall.conf:
MACLIST_DISPOSITION=REJECT
MACLIST_LOG_LEVEL=info
interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 217.96.90.242 noping
loc eth0 255.255.255.0 routestopped,maclistmaclist:
maclist:
#INTERFACE MAC IP
2003 Mar 11
0
Shorewall 1.3.14a
This is a roll up of the following fixes:
* There is an updated rfc1918 file that reflects the resent allocation
of 222.0.0.0/8 and 223.0.0.0/8.
* The documentation for the routestopped file claimed that a
comma-separated list could appear in the second column while the code only
supported a single host or network address.
* Log messages produced by ''logunclean'',
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I''m beginning to believe that the use of the last column in the rules file
to designate redirection/forwarding is too subtle for many users. For 1.3,
I think I''ll do something like the following:
Current rule:
ACCEPT net loc:192.168.1.3 tcp 80 - all
New rule:
FORWARD net loc:192.168.1.3 tcp 80
Current rule:
ACCEPT net fw::3128 tcp 80 - all
New rule:
REDIRECT net
2002 Dec 19
0
Another Little Patch
--==========1943392778==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Here''s another little patch that corrects a couple of silly mistakes.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
--==========1943392778==========
2002 Jun 17
0
Another 1.3.x Bug
Another bug with similar symptoms to the last one has been found by Renato
Tirol.
The bug fixed by the earlier errata update affects the following options:
dhcp
dropunclean
logunclean
norfc1918
routefilter
multi
filterping
noping
The bug reported by Renato and fixed in the current errata update affects:
routestopped
The new update is available at:
2002 May 14
4
Redirect loc::80 to fw::3128 not work
The rule:
ACCEPT loc $FW::3128 tcp www
doesn''t work propertly, the http access does not redirect
to squid but directly exit.
what''s wrong?
Thanks
-------
Dario Lesca (d.lesca@ivrea.osra.it)
--------------------------------------
@@@@@@@ this is my shorewall-1.2.13 config:
#[/etc/shorewall/common.def]-----------------------------------------------
2003 Mar 03
3
losing connection
Tom, or whomever reads this, when I say disconnect I mean close out IE6,
sorry for so unclear on this point. My IP address never changes unless I
unplug the modem. I have had the same IP address for ... well since I
had to reset it to hook it up to my Linux box.which was 2 weeks ago. If
I set DHCP on my eth1 interface that will contradict the static address
I have assigned to it,
2003 Dec 07
2
Re: [Shorewall-newbies] Re: Shorewall-newbies Digest; Problems with blacklist and nat !
Hello,
I have forwarded this to the shorewall-users list.
You will find better support for this obscure problem there.
Regards,
Alex Martin
http://www.rettc.com
Cristian Valentin Barean wrote:
> Hello !
> My name is Barean Cristian, and I have a network of 35 users, on a
> Linux Mandrake 9.2 server.
> As I was adding more users in my network, I found a problem with
2002 Dec 22
0
with maclist option can''t start
Setting up MAC Verification on eth0...
Error: Interface eth0 must be up before Shorewall can start
my :
/etc/shorewall/shorewall.conf:
MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=infointerfaces:#ZONE
INTERFACE BROADCAST OPTIONSnet ppp0 217.96.90.242
nopingloc eth0 255.255.255.0
routestopped,maclistmaclist:#INTERFACE MAC
IP ADDRESSES (Optional)eth0
2003 Jan 16
0
Jan 16 17:49:33 murowall kernel: Shorewall Shorewall:FORWARD:REJECT:IN=eth0 O UT=eth2
Marta,
As Alan pointed out the loc->net policy is Continue, it should probably be
loc->net ACCEPT.
This is from Tom''s Shorewall Documentation...
http://www.shorewall.net/Documentation.htm#Policy
CONTINUE - The connection is neither ACCEPTed, DROPped nor REJECTed.
CONTINUE may be used when one or both of the zones named in the entry are
sub-zones of or intersect with another zone.
2003 Jan 16
3
Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2
I have the problem when my localnetwork do telnet to the net
Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2
my files are the following:
policy
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
loc net CONTINUE info
loc fw ACCEPT info
loc loc ACCEPT
loc dmz ACCEPT info
fw
2003 Aug 25
5
Shorewall 1.4.7 Beta 1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
Problems Corrected since version 1.4.6:
1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was
being tested before it was set.
2) Corrected handling of MAC addresses in the SOURCE column of the
tcrules file. Previously, these addresses resulted in an invalid
iptables command.
3) The
2003 Oct 06
2
Shorewall 1.4.7
Shorewall 1.4.7 is now available at:
http://shorewall.net/pub/shorewall/shorewall-1.4.7
ftp://shorewall.net/pub/shorewall/shorewall-1.4.7
It will be available at your favorite mirror shortly.
The release notes are attached.
As always, many thanks go to Francesca Smith for updating the sample
configurations for this release.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently