similar to: Shorewall 1.3.2

Lorenzo Marignoni reports that the packages are available at http://security.dsi.unimi.it/~lorenzo/debian.html. Thanks Lorenzo! -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

This is becoming a FAQ and should probably be added to the docs. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net ---------- Forwarded message ---------- Date: Sun, 28 Apr 2002 16:09:01 -0700 (Pacific Daylight Time) From: Tom Eastep <teastep@shorewall.net> To: Carl Spelkens

---------- Forwarded Message ---------- Subject: Re: [Shorewall-users] strange UDP scan results on a Shorewall=20 firewall Date: Sun, 3 Mar 2002 08:33:20 -0800 From: Tom Eastep <teastep@shorewall.net> To: "Scott Duncan" <sduncan@cytechconsult.com> On Saturday 02 March 2002 04:30 am, Scott Duncan wrote: > Yes, the net->all policy is the same on all three (REJECT log

The 1.2.7 release of iptables has made an incompatible change in the syntax used to specify multiport matches. As a consequence, users upgrading to iptables 1.2.7 must set MULTIPORT=No in /etc/shorewall/shorewall.conf. I''ll have an updated firewall script available in the next day or two. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \

This is a minor release of Shorewall which rolls up a number of bug fixes. New features include: 1. A NEWNOTSYN option has been added to shorewall.conf. This option determines whether Shorewall accepts TCP packets which are not part of an established connection and that are not ''SYN'' packets (SYN flag on and ACK flag off). 2. The need for the

Thank''s to Mike Martinez, the Shorewall Documentation is now available in PDF format at: http://www.shorewall.net/pub/shorewall/Shorewall_Users_Guide-1.3.2.pdf Thanks again Mike!! -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Ron and Steve, I am ready to begin the documentation changes for 1.3.2. Are you close to having any of your changes ready for release? If so, we can get those into CVS before I begin my changes -- if not, then I''ll go ahead and update CVS with the 1.3.2 material. Please let me know. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net

On Sat, 15 Jun 2002, Ron Shannon wrote: > > I am ready to begin the documentation changes for 1.3.2. Are > > you close to > > having any of your changes ready for release? If so, we can > > get those into > > CVS before I begin my changes -- if not, then I''ll go ahead > > and update CVS > > with the 1.3.2 material. > > > >

This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. ---1463811327-2097478821-1023027109=:9844 Content-Type: TEXT/PLAIN; charset=US-ASCII Here''s a version of /sbin/shorewall that has the ''logwatch'' command that

Shorewall 1.3.9 is available. In this release: 1. DNS Names are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The

10/30/2003 - Shorewall 1.4.8 RC1 Given the small number of new features and the relatively few lines of code that were changed, there will be no Beta for 1.4.8. I am particularly interested in people testing: a) The interface to ''ftwall'' b) Handling of <zone>_frwd chains (those of you who had problems with 1.4.7b or that have reported extra rules in these chains).

Let me know if there are any problems. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Currently at: http://shorewall.net/pub/shorewall/shorewall-1.4.8 ftp://shorewall.net/pub/shorewall/shorewall-1.4.8 Coming soon to a mirror near you. This is a minor release of Shorewall. Problems Corrected since version 1.4.7: 1) Tuomo Soini has supplied a correction to a problem that occurs using some versions of ''ash''. The symptom is that "shorewall start"

Shorewall 1.2.4 will have the following changes: a) ''#'' comments now allowed at end-of-line in all config files. b) Firewall zone may be renamed c) Protection against concurrent state-changing operations (start, stop, restart, refresh, clear) d) ''shorewall start'' no longer fails if ''detect'' is specified for an interface with netmask

Apt-get sources are listed at: http://wecurity.dsi.unimi.it/~lorenzo/debian.html -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped

The maintenance (adding RAM) took a little longer than I planned: 1) Shutdown - 1 minute 2) Open Case - 30 seconds At this point, I emember that I can''t add RAM to this box without removing the Mother Board (hinge-mounted in case) - slap forehead. 3) Remove cables, PCI NIC & MB - 2 minutes 4) Add RAM - 1 Minute 5) Get the %$#@ MB back in the case and aligned -- 15 Minutes 6)

Lorenzo Marignoni reports that: o Shorewall 1.2.10 is in the Debian Testing Branch o Shorewall 1.2.11 is in the Debian Unstable Branch Thanks, Lorenzo! -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

In this release: 1. The ''try'' command now accepts an optional timeout. If the timeout is given in the command, the standard configuration will automatically be restarted after the new configuration has been running for that length of time. This prevents a remote admin from being locked out of the firewall in the case where the new configuration starts but prevents