Displaying 20 results from an estimated 4000 matches similar to: "Shorewall 1.3.4"
2002 Nov 19
2
Shorewall operating status and how to stay "blocked"
Hi all,
I have just started using shorewall. So far so good. I have two
questions which I cant find an answer to either on the website or
googling.
They may be stupid so please forgive my ignorance.
1) What is shorewalls preferred operating status, running or stopped?
What I mean is, some firewalls start-up and run, and they do their
thing, then they stop. But the firewall is still really
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0
and 1.3.1. In both versions, where an interface option appears on multiple
interfaces, the option may only be applied to the first interface on which
it appears.
A corrected firewall script for 1.3.1 is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
and
2003 Jan 15
2
pppoe and /etc/shorewall/interfaces
I am a newbie to linux and shorewall. I am reading the shoreall
quickstart guides. I am a bit confused about the following statement:
----------- quote --------------
The firewall has two network interfaces. Where Internet connectivity
is through a cable or DSL "Modem", the External Interface will be the
ethernet adapter that is connected to that "Modem" (e.g., eth0)
unless you
2005 Mar 01
5
[Not Subcribed] Two-Interface sample file version - 2.0.1
Hello,
I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2
interface quickstart guide I download the 2.0.1 interface sample and untar
it.
"tar -zxvf two-interfaces.tgz"
Maybe a dumb question but I can''t find anything on Google or the Shorewall
mail archives that say anything about this. So I''m assuming its me. :P
But the
2005 Feb 01
1
New way to publish Shorewall errata
Beginning with Shorewall 2.2.0, I am no longer going to maintain the
Errata web page (http://shorewall.net/errata.htm). Rather, each
version''s download directory will contain:
a) A ''known_problems.txt'' file. This file will list all confirmed
problems and any corrections or workarounds available. You will notice
that the ''known problems'' file for the
2002 Jan 03
2
error starting shorewall
hi,
i installed and configured the shorewall-2.0.9 for standalone user
interface in fc2,then removed the stop ,stopped and the routestopped
files from the /etc/shorewall directory,and run the ''shorewall start''
command,at boot time the messages showing that it is not started,this is
the /var/log/messages output fore shorewall:
Jan 3 04:13:27 localhost netfs: Mounting other
2002 Mar 07
4
port forwarding not working!
Ok, I hate to be the newbie posting a dumb question, but I can''t get port forwarding to work...
in interfaces I have:
net eth0 detect dhcp
loc eth1 192.168.1.255 routestopped
in rules I have:
#
# Forward FTP connections to 2021 to 192.168.1.3
#
ACCEPT net loc:192.168.1.3 tcp 2021 21
So, the end result should be that
2002 May 24
1
whitelist
I looked at the 1.3 whitelist documentation and realized that the ops
example, while interesting in and of itself, did not do what I think a
whitelist does. Back to symmetry, if a blacklist is a list of sites not
allowed to connect in through the fire wall, maybe to a web server, for
example, then a whitelist should be a list of machines that are allowed to
access a service or services, again,
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
Hi. I set, for example, a rule with a host server:
Macro.http accept fw net:www.google.es
I restart shorewall and it works, but when i stop the firewall for
disabling Internet (for any reason), and i want start the firewall it
says:
Failed to start firewall :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
WARNING: Support for the detectnets interface
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
Hi. I set, for example, a rule with a host server:
Macro.http accept fw net:www.google.es
I restart shorewall and it works, but when i stop the firewall for
disabling Internet (for any reason), and i want start the firewall it
says:
Failed to start firewall :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
WARNING: Support for the detectnets interface
2005 Mar 15
2
New feature for Shorewall 2.2.3
The following is taken from the Release notes for 2.2.3 (which will be
released in a month or so).
2) There has been ongoing confusion about how the
/etc/shorewall/routestopped file works. People understand how it
works with the ''shorewall stop'' command but when they read that
''shorewall restart'' is logically equivalent to ''shorewall
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I''m beginning to believe that the use of the last column in the rules file
to designate redirection/forwarding is too subtle for many users. For 1.3,
I think I''ll do something like the following:
Current rule:
ACCEPT net loc:192.168.1.3 tcp 80 - all
New rule:
FORWARD net loc:192.168.1.3 tcp 80
Current rule:
ACCEPT net fw::3128 tcp 80 - all
New rule:
REDIRECT net
2002 Oct 18
3
Potential serious problem with Shorewall.
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig05F2F5838E1DC28DCA5557B7
Content-Type: multipart/mixed;
boundary="------------040200040609050204020409"
This is a multi-part message in MIME format.
--------------040200040609050204020409
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
Using Mandrake 9.0 and
2003 Oct 29
5
shorewall question
I am currently using shorewall on leaf-bering. I have set it up with
keepalived to create a high availabilty firewall cluster. I have an odd
question in regards to shorewall. Currently in production I have
keepalived controlling shorewall starts and stops. If I remove this and
leave shorewall running on the backup firewall, will I run into any
problems with having the nat tables built out and
2003 Jul 25
16
"shorewall stop"
Although Shorewall provides safeguards against it, people seem to
regularly shoot themselves in the foot when doing remote system
administration. I''ve been thinking about this problem and wonder if a
change to the way that "shorewall stop" behaves might help.
Today, "shorewall stop" stops all traffic except to/from those
destinations listed in
2005 Mar 15
2
shorewall restart with keepalived (redundant firewalls)
Hello,
First , thanks to Tom for it''s great job ! Netfilter is really easy
and powerfull with shorewall.
So, I have configured two firewalls whith shorewall using keepalived
for the redundant VRRP stuff.
FW-a is MASTER and FW-b is BACKUP.
Everything works correctly and FW-b upgrade to MASTER when FW-a is
down or disconnected. FW-b downgrade to BACKUP when FW-a comes back.
But when I
2005 May 12
4
shorewall startup speed - an idea
Dear All,
I think I have a useful idea for how shorewall startup could be speeded
up in a more automatic manner. Apologies if this is daft, but I think it
might work....
Motivation: not all users understand the intricacies of shoreall beyond
using the distro setup tool. [And on this particular laptop, shorewall
takes 15 seconds during boot.]
I have already read this (about shorewall
2008 Nov 13
1
Error in RouteStopped, why happens!?
I get this enabling the option "routestopped" in my interface (eth0,
net, one interface):
Failed to apply configuration :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
ERROR: Invalid Interface option (routestopped) : /etc/shorewall/interfaces (line 11)
Means that routestopped don''tt work, is it? Then, what could i do?
Thank you very
2005 Jan 07
6
Questions: place for doco, and routestopped during ''shorewall restart''
Hi folks,
A while back we had some discussions about integrating heartbeat and
shorewall. Thanks to your help and the excellent state of Linux
failover clustering, i''ve managed to install my high-availability
firewall. I know there''s already a howto for it at
http://www.xenos.net/library/hafirewall.html, but i thought i would
document my setup for others, since it''s
2002 Aug 22
3
Questions about NAT and MASQ and more
Hello,
I''m working on a Shorewall-1.2 setup on a _remote_ debian (woody)
firewall with several live web and mail servers behind it. I know doing
this remotely is a *really* bad idea, and I''d rather not be in this
situation, but so it goes... Worst case scenario, I lock myself out and
have to drive an hour to get physical access to the machine and restore
service. Anyhow,