similar to: Block all - Allow only necessary

Displaying 20 results from an estimated 40000 matches similar to: "Block all - Allow only necessary"

2004 Nov 16
4
Block Windows Messenger
Hi, I'm trying to block Windows Messenger by Shorewall 1.4.10b, but I don't have success. If the rules below, all access are blocked /etc/shorewall/rules # Windows Messenger Rules REJECT:info loc net tcp 1863 REJECT:info fw net tcp 1863 But if use the rules below, any access are allowed, why ???? /etc/shorewall/rules # Windows
2004 Dec 01
5
Running SNMPD at Shorewall 1.4.x
Hi, I need to run snmpd at shorewall gateway (1.4.10g). How to make the rules necessary to do it ? I have 3 interfaces, eth0 (public), eth1 (private) and eth2 (dmz). When I run mrtg, I have this message: --- cfgmaker gw-host@localhost > ~netbox-sp/eth0.cfg --base: Get Device Info on gw-host@localhost: SNMP Error: no response received SNMPv1_Session (remote host:
2005 Mar 31
2
How block eMule program
Hi, I need to block eMule program. How can I make it ? Best Regards, Anderson.
2006 Mar 30
3
Difficulty in configuring QOS
Hi, I'm trying to configure QOS, but I don't have success. My files: #/etc/shorewall/tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth0 256kbit 256kbit eth1 256kbit 256kbit eth2 256kbit 256kbit #/etc/shorewall/tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS eth1
2004 Dec 27
1
Excluding from Proxy
Hi, My Shorewall is 1.4.10g I have at internet network, rules to transparent proxy, as below: REDIRECT loc 3128 tcp www ACCEPT fw net tcp www I need to exclude a single IP address, for example, 172.16.20.135, from redirect rules, allowing to access internet without proxy. How to make it ? Best Regards, Anderson
2005 May 06
1
NAT and DMZ
Hi, I have this case: My Shorewall is a internet gateway: (fw) eth0 -> 200.209.100.0/30 (loc) eth1 -> 192.168.0.0/24 (dmz) eth2 -> 200.209.100.8/30 In the DMZ, I have another linux, with a web server too. eth0 -> 200.209.100.10/30 - running Apache at port 1700 eth1 -> 192.168.0.0/24 My problem is: I need to make a NAT, from my local
2007 Aug 23
4
Monthly traffic limit
Hi Shorewall Users :) I have found shorewall firewall and seems to be interesting. I need to setup a configuration my my network users because I only have 50gb of traffic per month. I want to know if the shorewall can make a 48gb per month limit, but everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesn't count. Can shorewall do that ? -- Sem Mais Rui Oliveira 351 - Portugal
2005 Jul 07
4
DNAT with 2 ISP's
Hi, I have 2 internet nic's with different ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP
2005 Jan 14
4
Samba & ICMP allow problem
I am running a Redhat FC2 server, which runs postfix for mail, Squid for proxy and samba as Domain Controller and file server. I installed shorewall-2.1.11-1. In the shorewall rules /etc/shorewall/rules I added the following for samba ACCEPT LAN $FW:192.168.100.1 tcp 139,445 ACCEPT LAN $FW:192.168.100.1 udp 137:139 ACCEPT LAN $FW:192.168.100.1 udp 445
2004 Sep 30
12
Block domains with Shorewall
Hi, like implementing this script with shorewall? -------------------------------------------- #!/bin/sh dig ads.web.aol.com | grep "ads." | grep -v \; | grep -v \< | cut -f5 | while read aolblock1; do iptables -A OUTPUT -p all --destination $aolblock1 -j DROP done --------------------------------------- Thanks, Aventino Faria
2005 Apr 02
22
Allowing 4662 port
Dear All I have added the following line to /etc/shorewall/rules: ACCEPT net fw tcp 4662 However, the program aMule continues to give me the following error: NG : Your 4662 port is not reachable. Any further ideas? Thanks in advance, Paul
2005 Sep 12
2
ip rule to block ssh attack
I've found the below rule, is it possible to use it with shorewall? I see how to setup the timing/rates but how to perform logging of such action (a separate rule?). As an additional question, is it possible to dynamically add hosts to blacklist and persist this between restarts? " SSH -A PREROUTING -m tcp -p tcp -d $EXTERNAL --dport 22 -m recent --rcheck --hitcount 3 --seconds 600 -j
2004 Jun 03
5
shorewall VS Linux Firewall
I have a scenario I hope one can help me out with... I have a range of Public IP Address 203,xxx.59.106-114 I have 4 internet servers that need to communicate to internal servers/clients 172.16.x.x/24 using port 80. These are Windows2000 servers (no software firewall solution) I have a 2nic shorewall device at present and, as you know, I can only NAT 80 to one internal server. My immediate
2005 Feb 13
15
Fedora Core 3 / 2.6.9-1.667
I just installed Fedora Core 3 uname -r 2.6.9-1.667 I got the latest shorewall's rpm: http://www.shorewall.net/pub/shorewall/2.2/shorewall-2.2.0/shorewall-2.2.0-1.noarch.rpm Made my changes Attempted to run shorewall and got: [root@demo shorewall]# shorewall start ERROR: Can't find iptables executable I haven't seen this before. I tried to go through all the
2005 Jan 04
27
smtp blocked by verizon.net los angeles??
I have a fedora 3 with postfix and apache apache is ok, webmin is fine, etc no 25 or 110 ? kevin Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33 :e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN U RGP=0 Jan 4 15:47:20 ibm kernel:
2004 Dec 05
28
state INVALID
Having moved from a "cascading LANs" configuration to two independent LANs on eth0 and eth1, I still get some "state INVALID" for which I am not sure what the cause is. Can somebody help me understand its probable origin? Thanks, Costantino [see attachment]
2004 Nov 24
14
traffic shaping on ftp server don't work
Having studied a number of documents on linux traffic shaper, I started to setup my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listen for port 21 and configured
2004 Dec 18
14
SuSe 9.1 startup issue
Tom, I am NOT subscribed (yet). I dropped SuSeFirewall2 in favor of shorewall to get past the configuration hurdles I was experiencing. At the moment, when my SuSe 9.1 starts up, I can see shorewall processing the rules, policies, etc. and I see no errors and then moves on with the rest of the SuSe boot process. However, no traffic passes through using the rules. I run an iptables -L and I
2004 Sep 02
3
Fwd: Bug#268999: shorewall: Allow action templates to use DNAT target
Hi all in the ShoreWall community, [please CC me since I'm not on the list] I had been using FIAIF for a little while, and the setup of ShoreWall has been much easier, the config for each operation in one place, and I'm very happy with it. That said, it looks like one of the concepts could be taken a bit further. In this case, it is actions. To get the process started, I
2005 Jan 13
6
Shorewall Web Site mirrored in Italy
Lorenzo Martignoni at Univesita` degli Studi di Milano in Milan has established a mirror of the Shorewall web site. http://italy.shorewall.net http://cert-it.dico.unimi.it/shorewall Thanks Lorenzo! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \