Displaying 20 results from an estimated 40000 matches similar to: "If you are planning to use dynamic zones...."
2002 Oct 01
0
Dynamic Zones
The version of Shorewall in the CVS development tree contains the first
implementation of dynamic zones. While these zones are aimed at IPSEC Road
Warriors, there is nothing ipsec-specific in the implementation except for
a small extension in the tunnels file.
There are two new commands: add and delete
shorewall {add|delete} <interface>[:<host or subnet>] zone
The interface
2002 Oct 01
0
Status of Dynamic Zones
It's becoming clear that there will be a restriction on what should be
added to dynamic zones. In particular, you don't want to add something to
a dynamic zone that is a super-set of an existing zone. Other than that, I
think the new code is working rather well with the latest CVS version.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \
2002 Apr 28
0
[Documentation] Re: [Shorewall-users] Logging is done to console (fwd)
This is becoming a FAQ and should probably be added to the docs.
Thanks,
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
---------- Forwarded message ----------
Date: Sun, 28 Apr 2002 16:09:01 -0700 (Pacific Daylight Time)
From: Tom Eastep <teastep@shorewall.net>
To: Carl Spelkens
2002 Mar 03
0
Fwd: Re: strange UDP scan results on a Shorewall firewall
---------- Forwarded Message ----------
Subject: Re: [Shorewall-users] strange UDP scan results on a Shorewall
firewall
Date: Sun, 3 Mar 2002 08:33:20 -0800
From: Tom Eastep <teastep@shorewall.net>
To: "Scott Duncan" <sduncan@cytechconsult.com>
On Saturday 02 March 2002 04:30 am, Scott Duncan wrote:
> Yes, the net->all policy is the same on all three (REJECT log
2002 May 29
0
If you have downloaded 1.3.0...
... using LATEST.rpm, LATEST.tgz, etc. then you probably downloaded 1.2.13
rather than 1.3.0. I've now fixed the problem.
Sorry for the screwup...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafał Dutko has just discovered a potentially serious bug in version 1.3.0
and 1.3.1. In both versions, where an interface option appears on multiple
interfaces, the option may only be applied to the first interface on which
it appears.
A corrected firewall script for 1.3.1 is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
and
2002 Sep 29
3
Shorewall 1.3.9
Shorewall 1.3.9 is available.
In this release:
1. DNS Names are now allowed in Shorewall config files (I still recommend
against using them however).
2. The connection SOURCE may now be qualified by both interface
and IP address in a Shorewall rule.
3. Shorewall startup is now disabled after initial installation until
the file /etc/shorewall/startup_disabled is removed.
4. The
2003 Jan 24
0
Re: [leaf-user] Bering Multiple Internal Networks
--On Friday, January 24, 2003 1:59 PM -0700 Steve Fink
<stevef@netvantix.com> wrote:
> On Fri, 2003-01-24 at 08:31, Tom Eastep wrote:
>>
>>
>> --On Friday, January 24, 2003 8:20 AM -0700 Steve Fink
>>> <stevef@netvantix.com> wrote:
>>>
>>> http://leaf.netvantix.com/012303/swstatus.txt
>>>
>>
>> It looks like your
2002 Mar 11
1
Fw: Firewall and Port Forward Clash?
----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Gary Gale" <gary@vicchi.org>
Sent: Monday, March 11, 2002 11:48 AM
Subject: Re: [Shorewall-users] Firewall and Port Forward Clash?
> Gary,
>
> ----- Original Message -----
> From: "Gary Gale" <gary@vicchi.org>
> To: "Shorewall Users List"
2002 Apr 10
2
Quick Start Guide
Version 1.0 of the Quick Start Guide and accompanying sample
configurations is available at:
http://www.shorewall.net/shorewall_quickstart_guide.htm.
Comments and suggestions are most welcome.
Thanks,
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Sep 16
3
Shorewall 1.3.8
This is a minor release of Shorewall which rolls up a number of bug
fixes.
New features include:
1. A NEWNOTSYN option has been added to shorewall.conf. This option
determines whether Shorewall accepts TCP packets which are not part
of an established connection and that are not 'SYN' packets (SYN
flag on and ACK flag off).
2. The need for the
2003 Jan 25
2
Idle connections timing out
Hello,
I'm a Shorewall novice. I have a problem and I'm not quite sure
how to troubleshoot it.
I'm using a Mandrake 9.0 (Security Level "4") system, which came
with Shorewall. (I live in Lynnwood, not far from Shoreline, btw.)
Long lived but idle connections are dying. Examples are SSH
terminals where I don't type anything, and IMAP connections
2002 Apr 16
1
SuSE RPM Available
Thanks to Stefan Mohr, a Shorewall 1.2.11 RPM package for SuSE is now
available. See http://www.shorewall.net.
Thanks Stefan!!
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Jul 16
1
Shorewall 1.3.4
Shorewall 1.3.4 is available:
1. A new /etc/shorewall/routestopped file has been added. This file is
intended to eventually replace the routestopped option in the
/etc/shorewall/interface and /etc/shorewall/hosts files. This new
file makes remote firewall administration easier by allowing any IP
or subnet to be enabled while Shorewall is stopped.
2. An /etc/shorewall/stopped
2003 Jan 24
0
Also new in CVS....
When an interface name appears in the second column of an entry in
/etc/shorewall/masq, Shorewall will detect all hosts and subnets routed
through that interface and will masquerade traffic from those hosts and
subnets.
This is slightly more general than what I posted recently on the users list
since it uses the routing table rather than the IP configuration of the
interface.
Example:
2003 Jan 21
0
PDF Documentation now available on all mirrors
The PDF documentation is now available on all mirrors. The files are
located in the contrib/pdf directory.
Example:
http://www.shorewall.net/pub/shorewall/contrib/pdf
ftp://ftp.shorewall.net/pub/shorewall/contrib/pdf
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: teastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 May 14
2
Shorewall.net is back up
Let me know if there are any problems.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Nov 20
3
Spam vs. Viruses
I have purchased a license for Vexira MailArmor (an antivirus product) and
the good news is that it is installed and working at shorewall.net. The bad
news is that I have yet to get Vexira running together with SpamAssassin :-(
As things currently stand, list posts will be protected from viruses but
may contain Spam. I'll continue to work to correct this situation.
-Tom
--
Tom Eastep
2002 Mar 01
0
Debian Packages for Shorewall 1.2.8 are available
See http://security.dsi.unimi.it/~lorenzo/debian.html
-Tom
--
Tom Eastep \ Shorewall -- iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Jan 26
1
Shorewall 1.2.4 Beta
Shorewall 1.2.4 will have the following changes:
a) '#' comments now allowed at end-of-line in all config files.
b) Firewall zone may be renamed
c) Protection against concurrent state-changing operations (start, stop,
restart, refresh, clear)
d) 'shorewall start' no longer fails if 'detect' is specified for an
interface with netmask