Displaying 20 results from an estimated 10000 matches similar to: "ECN Enabled at Shorewall.net"
2005 Mar 30
1
RE: Shorewall and an inline IDS(snort-inlineorhogwash)
Plus I would like to let you know that it works like a charm.
Snort can now see those packets.
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of
Thibodeau, Jamie L.
Sent: Wednesday, March 30, 2005 9:25 AM
To: Mailing List for Shorewall Users
Subject: RE: [Shorewall-users] Shorewall and an inline
2005 Mar 30
1
RE: Shorewall and an inline IDS (snort-inlineorhogwash)
You are awesome!!!!
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom
Eastep
Sent: Wednesday, March 30, 2005 9:11 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and an inline IDS
(snort-inlineorhogwash)
Tom Eastep wrote:
> Thibodeau, Jamie L. wrote:
>
2003 Mar 05
3
Shorewall 1.4.0 RC1
The first release candidate is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
The only change between Beta 1 and RC1 is that the ''check'' command is back
in RC1.
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4
2003 Feb 23
0
New in CVS
I''ve decided to make a late addition to 1.4.0.
A number of you have encountered a problem whereby TCP connections could
not be established to certain sites. The solution was to turn of
Explicit Congestion Notification (ECN -- RFC 3168).
I have added a facility whereby ECN may be turned off on a host or
network basis.
A new /etc/shorewall/ecn file (format is the same as
2003 Aug 28
0
[louisk@bend.com: snort, postgres, bridge]
----- Forwarded message from Louis Kowolowski <louisk@bend.com> -----
Date: Thu, 28 Aug 2003 11:37:42 -0700
From: Louis Kowolowski <louisk@bend.com>
To: freebsd-security@freebsd.org
Subject: snort, postgres, bridge
User-Agent: Mutt/1.5.4i
I've been prowling through the FreeBSD and Snort list archives in
search of information on setting up snort on a FreeBSD bridge(4)
that logs
2003 Feb 27
6
Shorewall 1.4.0 Beta 2
The second Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The ''check'' command is no longer supported.
2) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2005 Jan 17
1
Shorewall 2.2.0 RC5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I''m hoping that this will be the last RC and that I can release 2.2.0 on
February 1. I appreciate your help in testing this RC.
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5
Problems Corrected:
1. The AllowTrcrt action has been changed to allow up to 30
2005 Jan 12
1
Shorewall 2.0.15
My sincere apologies for the messed up 2.0.14. I didn''t realize that I
had merged a change from 2.2.0 but hadn''t tested it.
http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15
ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15
1. The range of ports opened by the AllowTrcrt action has been expanded
to 33434:33524 to allow for a maximum of 30 hops.
2. Code mis-ported
2007 Mar 26
0
Re: Expected handling of [SYN] when expecting[SYN, ACK]?
Hi Tom,
Many thanks for that, that''s really helped. Netfilter is indeed dropping
the packets as invalid.
Thanks and regards,
Frances
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: 23 March 2007 18:05
To: Shorewall Users
Subject: Re: [Shorewall-users] Expected handling of [SYN] when
expecting[SYN, ACK]?
Frances Flood wrote:
> Basically, if the
2004 Oct 14
0
Shorewall 2.1.11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11
In addition to correcting several bugs, this version adds the following
features:
1) The default Drop and Reject actions now invoke the new standard
action ''AllowICMPs''. This new action accepts critical ICMP types:
2014 May 07
1
[Bug 928] New: ECN: --ecn-tcp-ece and --ecn-ip-ect is not supported
https://bugzilla.netfilter.org/show_bug.cgi?id=928
Summary: ECN: --ecn-tcp-ece and --ecn-ip-ect is not supported
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
2004 Jan 12
0
Shorewall2 -- now running on gateway.shorewall.net
I''ve gotten the basic code working on my firewall.
So that I can quickly get back online if I screw up, I''m currently calling it
shorewall2. That way if it screws up I can just "shorewall restart".
/sbin/shorewall2 -- command interpreter
/etc/shorewall2/ -- configuration files
/usr/share/shorewall2/ -- shared files
Both Shorewall and Shorewall2 use the
2002 May 13
0
RE: [Shorewall-users] SMTP outbound problem (fwd)
> -----Original Message-----
> From: Tom Eastep [mailto:teastep@shorewall.net]
> Sent: Monday, May 13, 2002 9:05 AM
> To: Steve Herber
> Cc: Shorewall Development
> Subject: Re: [Shorewall-devel] RE: [Shorewall-users] SMTP outbound
> problem (fwd)
>
>
> On Mon, 13 May 2002, Steve Herber wrote:
>
> > I think we should add an FAQ entry for tcp_ecn.
> >
2002 Aug 07
2
Re: [Shorewall-users] Common Rules
John,
I''m taking the liberty of copying the Shorwall Development list since I
believe that these issues will be of interest.
On Tue, 6 Aug 2002, Links at Momsview wrote:
> Tom,
> I''m not sure if you ever saw this document but it describes some of the
> reasons you are seeing strange packets
> after setting up NEW not SYN
>
2014 Dec 03
0
tinc vpn: adding dscp passthrough (priorityinherit), ecn, and fq_codel support
On Wed, Dec 03, 2014 at 12:07:59AM -0800, Dave Taht wrote:
[...]
> https://github.com/dtaht/tinc
>
> I successfully converted tinc to use sendmsg and recvmsg, acquire (at
> least on linux) the TTL/Hoplimit and IP_TOS/IPv6_TCLASS packet fields,
Windows does not have sendmsg()/recvmsg(), but the BSDs support it.
> as well as SO_TIMESTAMPNS, and use a higher resolution internal
2005 Apr 07
4
Shorewall 2.2.3
http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3
ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3
Problems Corrected:
1) If a zone is defined in /etc/shorewall/hosts using
<interface>:!<network> in the HOSTS column then startup errors occur
on "shorewall [re]start".
2) Previously, if "shorewall status" was run on a system whose kernel
lacked
2004 Feb 10
0
ACK's overhead
Good day time!
We've noticed the following issue with Samba 3.0.1 on Linux. When SMB client
asks for the first time on FID for a locking or read request on an opened
file, it causes an ACK to be sent from client side. Windows server also
requests ACK BUT much more rarely.
Sending ACK causes additional overhead when working in heavy locking and
unlocking environment. Windows server
2004 Feb 20
0
FW: ACK's overhead (AGAIN)
Good day time!
We've noticed the following issue with Samba 3.0.1 on Linux. When SMB client
asks for the first time on FID for a locking or read request on an opened
file, it causes an ACK to be sent from client side. Windows server also
requests ACK BUT much more rarely.
Sending ACK causes additional overhead when working in heavy locking and
unlocking environment. Windows server
2003 Oct 30
0
Shorewall 1.4.8 RC1
10/30/2003 - Shorewall 1.4.8 RC1
Given the small number of new features and the relatively few lines of
code that were changed, there will be no Beta for 1.4.8.
I am particularly interested in people testing:
a) The interface to ''ftwall''
b) Handling of <zone>_frwd chains (those of you who had problems with
1.4.7b or that have reported extra rules in these chains).
2002 Aug 07
0
Re: [Shorewall-users] Common Rules
On Tue, 6 Aug 2002, Links at Momsview wrote:
> Tom,
> I''m not sure if you ever saw this document but it describes some of the
> reasons you are seeing strange packets
> after setting up NEW not SYN
> http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/ipta
> bles-tutorial.html#NEWNOTSYN
>
> If the section titled " State NEW packets but no