similar to: IANA Reserved Addresses Tool

Hello all, The reserved addresses list seems to be in flux more lately. Since I have several servers that all run Shorewall, updating /etc/shorewall/rfc1918 has become a little tedious. I put together a shell script that can download the latest file, write a new /etc/shorewall/rfc1918 and restart Shorewall. I run this from a cron job and now don''t have to pay much attention to keeping

Hi I''ve come accross a small problem with the rcf1918 address blocking on my internet interface. Im connected via a cable modem and it has an internel web server that allows me to configure/monitor it but as expected if I enable rfc1918 blocking for my eth0 interface(The internet one) it also blocks the cable modems web server. Is there any way it can add a rule before the rfc1918

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems corrected since RC1: 1) The documentation of the USERSETS column in the rules file has been corrected. 2) If there is no policy defined for the zones specified in a rule, the firewall script previously encountered a shell syntax error: [: NONE: unexpected operator Now, the absence of a

--kXdP64Ggrk/fb43R Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello everyone, I''m using Shorewall 1.2.12-1 on Debian 3.0, with the 2.4.17 kernel. I am seeing some interesting log entries, and after reading the documentation at Google and netfilter.org I have a couple questions. To begin, here are the entries I am

I just found this in my firewall log: May 10 08:58:00 fire2 kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1 SRC=10.10.10.1 DST=192.168.0.3 LEN=66 TOS=0x00 PREC=0xC0 TTL=254 ID=37790 PROTO=ICMP TYPE=11 CODE=0 [SRC=X.X.X.X DST=65.108.14.222 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=62741 PROTO=UDP INCOMPLETE [6 bytes] ] (bracketed source IP removed for anonymity - it is the public IP address of my

Is my RFC1918 file obsolete? I have been assigned an ip in the 83.0.0.0/8 range, and of cource a lot of Shorewall systems drop me with a RFC1918 error. So, is my ISP actually giving me a RFC1918 IP, or am I missing something? .

Hi, I''ve a little problem, I hope so.. First a hint, I haven''t a static IP - Adress and so I used a dyndns Provider. In DMZ runs a sftp server. It should accessible from net. My router is forwarding the traffic from port 22 to the machine in DMZ. Now, in basic installation I have rfc1918-dropping configured by net interface. My problem: If rfc1918 dropping is on I

I would like to suggest that if we modify the IANA registration of nut/3493, we do it formally using the official IANA form https://www.iana.org/form/ports-services , and that we agree on the form contents before submitting it. For example, who is the new assignee and who is the new contact? The last thing the IANA services manager needs is to talk to an unstructured crowd of us. Roger On

Hi, I installed the shorewall 1.3.8-2 debian package to my debian testing machine which serves as the gateway to the internet. Since I have two other machine connect to internet thru this gateway machine, I also downloaded the configuration guide for "basic two-interface firewall" and followed the instructions. When I try to start the shorewall I get the following message and can not

i am analyzing some data and have a question i hope someone can answer. i want to use this sort of model: lmer( y ~ x + (1 | ID ), family=binomial, weight=w) so i want to explore the relationship between y and x, with a random effect for each patient. my question is this. is this a sensible model to use when the number of observations for each patient ID is often one? I have 305 observations

IANA ups/401 was registered by Charles Bennett for "Uninterruptibe Power Supply" but I have been unable to find any details of any protocol that might have been developed. The IANA ups/401 contact address corresponds to Charles Bennett's employment by Ohio University as an IT technologist for the Chemistry and Biochemistry Departments. I believe Charles Bennet died in March

I''m sorry to have to bother the list with this, but I''m missing something obvious and my brain is cramping or something, I cannot find the answer... Here is an entry from my log file: Sep 16 11:12:34 fw kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:c0:9f:1e:fa:99:00:07:50:cd:a5:80:08:00 SRC=201.1.7.201 DST=208.10.57.129 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=11155 DF

Greetings, Yet another strange pattern of traffic is being halted at the shorewall firewall, but I have no idea what this is. IANA shows the ports unassigned, and a net search yields only some of the same questions - what is this port? There are two machines as SOURCE, on the same class C network, adjacent, even, sending one connect attempt to TCP port 32230 every five minutes. I''m

Hello, I am in the process of enhancing the work of Luiz Angelo Daros de Luca (https://github.com/luizluca/nut-snmpagent). For that matter, nut needs an official IANA enterprise-ID. Currently Luiz is using the enterprise-ID from his employer, which is obviously not a good idea. Does anybody mind if I apply for a ent.-ID for myself and assign nut a sub-ID from my ID given by IANA? Any better

A new rfc1918 file that reflects the recent IANA allocation of 222/8 and 223/8 may be found at: http://www.shorwall.net/pub/shorewall/errata/1.3.14/rfc1918 ftp://ftp.shorewall.net/pub/shorewall/errata/1.3.14/rfc1918 -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To reflect recent allocations by the IANA, the following files are available: For Shorewall 2.0.0b and earlier: http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 ftp://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 For Shorewall 2.0.1 and later: http://shorewall.net/pub/shorewall/errata/2.0.10/bogons

Hi, thanks for a great piece of software! ...at the moment I have a commercial VPN box, which also acts as our firewall. I wish to replace this firewall functionality with a decicated Shorewall firewall, and use the VPN box only for VPN traffic. At the moment, this VPN/Firewall box is at an internet visible address, x.x.x.85 I wish to make the new Shorewall fireall x.x.x.85 and move the VPN to

On Wed, 11 Nov 2020, Jim Klimov wrote: > I agree with you. Probably similar could be done with stunnel, to avoid > maintaining in NUT a fast moving target of modern cryptography. And indeed it > may be better in terms of switching real deployments to new protocols if old > ones are deemed insecure, with implementations made by people hopefully better > knowledgeable about the

Hi I had this problem that shorewall blocks all traffic from net when norfc1918 rule is given to my eth0 (net ethernet card). I''ve added: run_iptables -I rfc1918 -s 192.168.7.10 -j ACCEPT To start file but that didn''t help. My configuration: ADSL modem has static 10.***.***.*** ip address to net (ISP does NAT conversion) and my modem does Nat conversion and my firewall eth0

Shorewall 1.3.3 is now available for download. In this release: 1. Entries in /etc/shorewall/interface that use the wildcard character ("+") now have the "multi" option assumed. 2. The ''rfc1918'' chain in the mangle table has been renamed ''man1918'' to make log messages generated from that chain distinguishable from those generated