similar to: Shorewall 1.2.7

Shorewall 1.3.3 is now available for download. In this release: 1. Entries in /etc/shorewall/interface that use the wildcard character ("+") now have the "multi" option assumed. 2. The ''rfc1918'' chain in the mangle table has been renamed ''man1918'' to make log messages generated from that chain distinguishable from those generated

This is a bug-fix roleup together with changes to the way ICMP is handled= =2E 1) The ''icmp.def'' file is now empty! The rules in that file were required in ipchains firewalls but are not required in Shorewall. Users who have ALLOWRELATED=3DNo in shorewall.conf should see the Upgrade Issues. 2) A ''FORWARDPING'' option has been added to shorewall.conf.

Beta code is available at: ftp://ftp.shorewall.net/pub/shorewall/Beta http://www.shorewall.net/pub/shorewall/Beta In this release: 1. Entries in /etc/shorewall/interface that use the wildcard character ("+") now have the "multi" option assumed. 2. The ''rfc1918'' chain in the mangle table has been renamed ''man1918'' to make log

On Sat, 11 May 2002, Peter Käll wrote: > Hi! > > Thanks for the very fast help. Now it works. > > I downloaded the 1.2.13 version and the two interfaces example. The example > includes a common file without UPNP dropping. > > In the begining of the common file in the example it says "Shorewall 1.2". > the common.def files that comes the 1.2.13 version

This is just a role up of the "shorewall refresh" bug fix plus the change that reversed the order of "dhcp" and "rfc1918" filtering. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

As promised, 1.3.1 is now available: 1. The handling of "all <zone> CONTINUE" policies has been corrected. Use of these policies greatly simplifies whitelisting and other nested zone configuration. 2. Added an /etc/shorewall/rfc1918 configuration file for defining the behavior of the ''norfc1918'' interface option. -Tom -- Tom Eastep \ Shorewall -

Andy Wiggin has contribued a Python program that reads http://www.iana.org/assignments/ipv4-address-space and creates a list of reserved subnets suitable for inclusion in /etc/shorewall/rfc1918. The list produced by Andy''s program will be included in the rfc1918 file included in version 1.3.2 (it''s available now from CVS). Thanks Andy! -Tom -- Tom Eastep \ Shorewall -

The 1.2.7 release of iptables has made an incompatible change in the syntax used to specify multiport matches. As a consequence, users upgrading to iptables 1.2.7 must set MULTIPORT=No in /etc/shorewall/shorewall.conf. I''ll have an updated firewall script available in the next day or two. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \

1.2.8 is now available for download from my site and from Sourceforge. If you have installed 1.2.7 then before trying to restart under 1.2.8: a) Look at your /etc/shorewall/shorewall.conf file and note the directory= =20 in the STATEDIR variable. If that variable is empty, assume /var/state/shorewall b) Remove the file ''lock'' in the directory determined in step a. You

--On Wednesday, January 15, 2003 8:57 AM +0000 Julian Church <jc@ljchurch.co.uk> wrote: > Tom > > There''s no reason you should let a complete stranger question your better > judgement, but weren''t you supposed to be taking a break from all of this? > The problem I am having is "Now what do I do with myself in the early mornings and evenings?":

This is becoming a FAQ and should probably be added to the docs. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net ---------- Forwarded message ---------- Date: Sun, 28 Apr 2002 16:09:01 -0700 (Pacific Daylight Time) From: Tom Eastep <teastep@shorewall.net> To: Carl Spelkens

---------- Forwarded Message ---------- Subject: Re: [Shorewall-users] strange UDP scan results on a Shorewall=20 firewall Date: Sun, 3 Mar 2002 08:33:20 -0800 From: Tom Eastep <teastep@shorewall.net> To: "Scott Duncan" <sduncan@cytechconsult.com> On Saturday 02 March 2002 04:30 am, Scott Duncan wrote: > Yes, the net->all policy is the same on all three (REJECT log

Shorewall 1.3.9 is available. In this release: 1. DNS Names are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The

Let me know if there are any problems. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Hi I''ve come accross a small problem with the rcf1918 address blocking on my internet interface. Im connected via a cable modem and it has an internel web server that allows me to configure/monitor it but as expected if I enable rfc1918 blocking for my eth0 interface(The internet one) it also blocks the cable modems web server. Is there any way it can add a rule before the rfc1918

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

---------- Original Message ---------------------------------- From: "Jim Van Eeckhoutte" <jim@vaneeckhoutte.com> Reply-To: <jim@vaneeckhoutte.com> Date: Mon, 8 Jul 2002 15:27:14 -0700 this is shorewall status output: tcp 6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1

In this release: 1. The ''try'' command now accepts an optional timeout. If the timeout is given in the command, the standard configuration will automatically be restarted after the new configuration has been running for that length of time. This prevents a remote admin from being locked out of the firewall in the case where the new configuration starts but prevents

Shorewall 1.2.4 will have the following changes: a) ''#'' comments now allowed at end-of-line in all config files. b) Firewall zone may be renamed c) Protection against concurrent state-changing operations (start, stop, restart, refresh, clear) d) ''shorewall start'' no longer fails if ''detect'' is specified for an interface with netmask

Apt-get sources are listed at: http://wecurity.dsi.unimi.it/~lorenzo/debian.html -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net