similar to: Shorewall on Steroids

Carl Raeside wrote: > Tom, > > How is it going? Quick questions. > > 1. the link to the Mandrake rpms seems to not have the shorewall rpm in > it. http://www.monkeynoodle.org/comp/net/shorewall/ > > 2. this link seems to be dead any other sources ? Iproute ? > > Iproute ("ip" utility). The iproute package is included with most > distributions

Hello Shorewall gurus, as outlined on the shorewall site I have done the following after failure to install shorewall via the rpm: I have read all of the FAQ. I have read the quickstart guide with particular attention directed at the Mandrake solution. I have searched the mailing list archives (all old replies). I have studied the documentation index. I have previous experience using shorewall

There was an outage this morning at shorewall.net -- I attempted to install the latest 2.6.7 Debian kernel on my firewall and foolishly let the install process update my lilo.conf. That left me with *no* bootable kernel that was compatible with /sbin/iptables and the boot process hung at "shorewall start" no matter which kernel I tried to boot :-((( Took me a while to figure out how

Please excuse my ignorance as I''m a linux newbie. Basically I have a setup of an adsl ethernet modem (nated and then everything forwarded to the external ip of my Mandrake mnf firewall) connected to the mnf firewall which then connects to the lan. internet <--> adsl modem <--> mnf firewall <--> lan There''s only 2 nics in the mnf firewall so it''s a

The Shorewall project at sourceforge has been upgraded to Allura. If you have a copy of the git repository, you need to check out a fresh copy from the new locations: git clone ssh://teastep@git.code.sf.net/p/shorewall/code shorewall git clone ssh://teastep@git.code.sf.net/p/shorewall/release release git clone ssh://teastep@git.code.sf.net/p/shorewall/tools tools git clone

Hi all i am using shorewall firewall now, quite for a long time. everything works fine and i am very satisfied. but i have noticed one thing: when i try to use cuseeme or msnetmeeting i only can send video and audio signals but i can not receive any signals ... surely i have to open some ports or load a module. can anybody tell me what to do exactly? i am using shorewall firewall within mandrake

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

This release just rolls up the fixes for the few problems that have surfaced in the first two to three weeks of Shorewall 2.2 availability. If 2.2.0 is working ok for you, there is no reason to upgrade. So far I''ve been very pleased with the stability of the 2.2 release and attribute much of that to the new release model. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.1

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 Just a few bug fixes: * The following error message could appear during "shorewall stop" clear": local: lo:: bad variable name * * The rate limiting example in /etc/shorewall/rules has been changed to use the RATE

This release back-ports the DROPINVALID shorewall.conf option from 2.2.0. 1) Recent 2.6 kernels include code that evaluates TCP packets based on TCP Window analysis. This can cause packets that were previously classified as NEW or ESTABLISHED to be classified as INVALID. The new kernel code can be disabled by including this command in your /etc/shorewall/init file: echo 1

Note: Because of the short time that has elapsed since the release of Shorewall 2.2.0, Shorewall 2.0 will be supported until 1 December 2005 or until the release of Shorewall 2.6.0, whichever occurs first. http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 ftp://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool

This will be my last 2.2 release. It contains a couple of small bug fixes that I had laying around. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would still be used if the kernel supported it. 2) A typo in the ''tunnel'' script has been corrected

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 New Features: 1. A listing of loaded iptables kernel modules is now included in the output of "shorewall status". Problems Corrected. 1. Several problems associated with processing the IPSEC column in /etc/shorewall/masq have been corrected. -Tom --

My sincere apologies for the messed up 2.0.14. I didn''t realize that I had merged a change from 2.2.0 but hadn''t tested it. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15 1. The range of ports opened by the AllowTrcrt action has been expanded to 33434:33524 to allow for a maximum of 30 hops. 2. Code mis-ported

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m hoping that this will be the last RC and that I can release 2.2.0 on February 1. I appreciate your help in testing this RC. http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC5 Problems Corrected: 1. The AllowTrcrt action has been changed to allow up to 30

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

Hiya, My two cents here .. I use a locked down Linux Sendmail relay (use sendmail null-client feature on any spare old server or PC) in my DMZ to relay Mail to the exchange server in my local zone. Its sort of the moat you have to cross over to get at the castle walls and the hot oil dumped on your head approach. Francesca C. Smith Lady Linux Internet Services 1801 Bolton Street # 1 Baltimore,

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

I forgot to add the last new feature to the previous announcement. Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2.

http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 New Features: 1. Previously, when rate-limiting was specified in /etc/shorewall/policy (LIMIT:BURST column), any traffic which exceeded the specified rate was silently dropped. Now, if a log level is given in the entry (LEVEL column) then drops are logged