similar to: Firewall failover

There was a lengthy power failure here in Shoreline this morning and my firewall did not come back up when power was restored. The firewall is now up and service to the server has been restored. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hi all, http://www.hipac.org/index.htm I have just discovered this great project. It seems it surpasses standard netfilter in performance. The documentation states they are more or less compatible with standard netfilter, but anybody has tested if it is compatible with shorewall? Tom, have you? Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL

Hi all, We want to do some stress testing of firewall configurations/hardware. We have discovered hping that seems a great tool for this, but funny enough Shorewall cuts it !!! even when you leave ports open :) So besides hping, any tool for this? Why is shorewall cutting this traffic? Thanks in advance. Regards. -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO

Hi all, I have seen Shorewall places the state verification rules (-m state --state ESTABLISHED,RELATED) as the first rule in a zone2zone chain. This means that state checking is done after all the rules involving from this zone to this zone. As you could have a lot of them, wont be better to place them just after checking the state is not invalid? This will mean a lot of packages will be

Hi all, I dont know if this problem is related to shorewall, but as here we have a lot of firewall experts ... :) We are using a Leaf box (1GHz 256MB RAM) for a network with normal traffic of about 6Mbps but peaks of up to 40Mbps. The chipset of the ethernets is a Realtek. We are experiencing some high latency high CPU usage issues (the CPU is at 90%) and we discovered the process

Hi all, Anybody has configured a Shorewall firewall to protect Citrix servers? Could you give us some clue on the rules you have to define? Citrix opens a connection from the inside to the outside from a different port (more or less like ftp) and seems not works. Regards -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO Tecnologia SL Telf.- 95 455 40 62 - 619 04 55 18

Hi all, I have found problems in p2p traffic detection. The ipp2p module works fine but in shorewall the rules written for this protocols never match because the initials p2p connection (login) match in ''-m state --state RELATED,ESTABLISHED -j ACCEPT'' rule before ''-m ipp2p --ipp2p -j DROP'' rule, so netfilter never filter p2p traffic. I have had to run

Hi all, First of all I repost this email in shorewall list as there are a lot of firewall experts here that might know what the hell i going on. We have also posted this on the linux bridge list (we needed acceptance first) and leaf list. Very thankful for your understanding. We are experiencing a very strange problem and would need some help. We have a Leaf / Shorewall based box (actually

I made an atempt to run snort_inline and shorewall on the same system but I could not get snort to see the packets. Maybe someone with a little more iptables knowledge could tell me what I''m doing wrong or if its possible to have the systems setup so that it places packets that the firewall would allow into QUEUE. After setting up and starting shorewall I then issue the following

I have configured it in the wine's config file as documented but the applications can't access any serial or parallel port what can be wrong? My config file is attached to this message. -- -- Jaime Alberto Silva Colorado Administrador servidores Linux grupo DESOFMAT Universidad Tecnol?gica de Pereira Pereira - Colombia ICQ# 75722794 AOL Messenger screen name: el mono jaime MSN/hotmail

I believe that 2.4.0 is about ready to be sent out the door. I''ve made a couple of small changes since RC2 but I don''t believe that they warrant another RC. There remains the issue of what to do about support for Shorewall 2.0 given that 2.2 has only been available since March. It would be my recommendation to make 2.4 the new "stable" release but continue to

Hi Tom and folks, There are some svn or cvs system for the shorewall-dev community?. If Tom want to leave the project for a while, maybe it will be necesary some cooperation system. Regards. -- Juan Jes?s Prieto - Consultor?a TI jjprieto@eneotecnologia.com http://www.eneotecnologia.com --------------------------------------- fingerprint: BFC2 0370 7708 F800 0BEC 60A4 EC71 4BB1 CC85 99F5

Is anyone using an inline IDS like hogwash or snort-inline to drop packets in a system running shoreline? I _think_ I see how to configure it, but I''d be really interested in finding a howto or something... Thanks! Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at

Hello List: Recently our shorewall FW server went dead (PS failure) & brought the entire system down. Luckily we are testing the FW and other servers, so we did not loose anything. Now we have decided to setup two Shorewall FW servers with a primary & another fallover FW server. I have done some research cruised the Internet and found that a product ''UCARP''

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

Hola, Alguien podría ayudarme en la siguiente cuestión: Trato de abrir múltiples archivos ncDF para dejarlos disponibles para trabajar luego con ellos. Intento hacerlo con un blucle pero no consigo lo que quiero. El código es el siguiente: setwd("/Users/jaime/Desktop/2008") a<-list.files() a library(ncdf) for (i in 1:length(a)) {

Hi, I was wondering if it's possible to separate elements in multiple rows that actually should appear in different columns. I have a file where in certain lines there are elements not separated, and they certainly should appear in different columns (an example of the file is attached). The point is that I do not want to manually add a space in the txt file, however, I did not

Hey guys, I''ve just built a sparc64 (Ultra/5) based firewall with ipp2p compiled as a module and I''m constantly getting the following message in my logs: Kernel unaligned access at TPC[100f8490] search_all_edk+0x20/0x4c [ipt_ipp2p] I''m running the following versions: - Kernel 2.6.22 - ipp2p 0.8.2-r4 - iptables 1.3.8-r1 Any thoughts?

Now that I've got the recent build of Icecast running (thanks everyone), I'm wondering about an OS X installer. Icecast would be even more palatable to the less-techy OSX users if there were an installer for the binary. As long as the installer checked for the dependent libs, everything would be straight forward. Has this been discussed before? Jaime Magiera University of Michigan

Hello I''m trying to install shorewall 2.0.10 install on slackware10 the installation script gives the following error (which is ok since slackware uses /etc/rc.d/rc.local) but then it doesn''t create the directories /etc/shorewall or /usr/share/shorewall root@brujula5:~/shorewall-2.0.10# ./install.sh Installing Shorewall Version 2.0.10 shorewall control program installed in