similar to: Re: Long Shorewall Startup Times Revisited

Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to

I''ve tried googling and searching the archives for any mention of this. After updating my shorewall RPMs a little while ago I noticed that there was new options - the Actions.Drop and Actions.Reject functions. My shorewall config still starts up happily, but when it gets to the part where it processes those actions (which I don''t use!) I get a severe delay that can last from 15

We have been using Shorewall for years and are extremely grateful for the work that has been put into the system. It has never disappointed us once. For the first time this week, we have run into an issue. I am almost absolutely sure it has something to do with the configuration of the servers where it has been deployed. I am hoping someone on the list can assist. Some of our servers

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall

Laurent Moix wrote: > Hi, > > I try to install shorewall 2.2 on suse 9.2. > > # rpm -ivh --nodeps /root/shorewall-2.2.1-1.noarch.rpm > Preparing... ########################################### [100%] > 1:shorewall ########################################### [100%] > shorewall: unknown service > shorewall: not a runlevel service > >

Lorenzo Martignoni at Univesita` degli Studi di Milano in Milan has established a mirror of the Shorewall web site. http://italy.shorewall.net http://cert-it.dico.unimi.it/shorewall Thanks Lorenzo! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta3 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta3 Problems Corrected: 1. Missing ''#'' in the rfc1918 file has been corrected. 2. The INSTALL file now includes special instructions for Slackware users. New Features: 1. In CLASSIFY rules

Tomorrow morning, the following systems will be unavailable while I upgrade the OS on my firewall: a) shorewall.net b) lists.shorewall.net c) cvs.shorewall.net d) rsync.shorewall.net The upgrade will begin around 0700 PST (-0800) and will like take two hours or so. Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \

Dear All, I think I have a useful idea for how shorewall startup could be speeded up in a more automatic manner. Apologies if this is daft, but I think it might work.... Motivation: not all users understand the intricacies of shoreall beyond using the distro setup tool. [And on this particular laptop, shorewall takes 15 seconds during boot.] I have already read this (about shorewall

http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.14 New Features: 1. Previously, when rate-limiting was specified in /etc/shorewall/policy (LIMIT:BURST column), any traffic which exceeded the specified rate was silently dropped. Now, if a log level is given in the entry (LEVEL column) then drops are logged

This is the latest development release and may be found at: http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.1 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.1 This release changes the way that SAVE_IPSETS=Yes works to try to make it harder to shoot yourself in the foot. Read the release notes carefully. In addition, there are two problems corrected: 1) A typo in the

Beginning with Shorewall 2.2.0, I am no longer going to maintain the Errata web page (http://shorewall.net/errata.htm). Rather, each version''s download directory will contain: a) A ''known_problems.txt'' file. This file will list all confirmed problems and any corrections or workarounds available. You will notice that the ''known problems'' file for the

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC3 Just a few bug fixes: * The following error message could appear during "shorewall stop" clear": local: lo:: bad variable name * * The rate limiting example in /etc/shorewall/rules has been changed to use the RATE

The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

http://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0-RC1/ ftp://shorewall.net/pub/shorewall/2.4/shorewall-2.4.0-RC1/ The release notes are in the download directory. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

Shorewall 2.2.0 is now available from all download locations. Release notes may be found at: http://shorewall.net/pub/shorewall/2.2.shorewall-2.2.0/releasenotes.txt Be sure to pay careful attention to the section entitled "Issues when migrating from Shorewall 2.0 to Shorewall 2.2". I''ll continue to support Shorewall 1.4 for the next week or so after which time, support will

No need to upgrade to this release if you already have the new bogons file or don''t use that file. The primary change is a fix to the install.sh script which previously gave an error on a new install. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.11 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.11 Problems corrected in 2.0.11 1) The INSTALL file now include special

You are awesome!!!! -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Wednesday, March 30, 2005 9:11 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inlineorhogwash) Tom Eastep wrote: > Thibodeau, Jamie L. wrote: >