similar to: does shorewall 2.2.x support new RedHat Enterprise Linux 4 ?

Is there any text console base config tool for shorewall ? I know that there is a webmin module but I don''t want to install webmin to minmize any security problem.

hi all, shorewall claim that support stateful connection. But I read the document, I can''t found any configuration on it like in iptables e.g. -m -state NEW, ESTABLISHED something like like. Is shorewall by default is staeful connection for any connectione.g. web, http

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and

Having study a number of documents on linux traffic shaper, I started to setup my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listen for port 21 and configured

I read LinuxFest NW 2005 Presentation pdf. On page 32, mentioned it required patches on kernel 2.6.x and netfilter and It only said that SuSE 9.2 and 9.3 had patches on it''s stock kernel. I''m using Redhat AS 4. Anybody knows does the stock kernel and netfilter had theses patches patched ? or How should I know the kernel and netfilter had these patches applied ? thanks!

e.g. string-matching CodeRed or Nimda viruses before they hit your Web server. The following rules achieve this: # DROP HTTP packets related to CodeRed and Nimda # viruses silently iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \ -d $IP --dport http -m string \ --string "/default.ida?" -j DROP iptables -t filter -A INPUT -i $EXT_IFACE -p tcp \ -d $IP --dport http -m string \

as subject

My Internet gateway is using ADSL PPPoE connection with dynamic public IP assigned by ISP. My Internet gateway is Redhat AS3 U2, shorewall 2.0.9 As my ISP provided 4 simultaneous pppoe dailup connection for the same physical adsl line. My linux server can be configured for multiple pppoe connection i.e. ppp0, ppp1, ppp2, ppp3 Is it possible of shorewall to assigned say ppp0''s IP is

hi all, my linux internet gateway has one fixed public ip and there are several servers on the local net. how to config shorewall such that it can forward a port on the external int. to another port on to a server in local net. Simply speaking, external port http 8000 forward to internal port http 80 I used the DNAT to specify the source port as 8000 and dest port to 80 but it

I''m happy to see shorewall 3.0 is released. My server is running 2.4.6 and I want to upgrade to 3.0. What should I pay attention to upgrade to 3.0 ? ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache''s Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your

I read faq(1c) which can forward one port to another port like #ACTION SOURCE DEST PROTO DEST PORT DNAT net loc:192.168.1.3:22 tcp 1022 how about if I want to forward a range of port to a mchine ? my scenairo is there is a ftp server behind firewall and I use publish 8021 to public but the ftp is actually running port 21, so I added this rule DNAT

I found that I can''t initiate voice chat, video chat with other msn messenger even I opened all required ports which msn messenger needed,

I have two Internet connections which connected to different ISP. one is for normal usage , 2nd one is for backup fault tolerance how do I implement fault tolerence multiple internet connections in shorewall ?

So after reading the traffic control documentation at shorewall.net I am a little confused. I don''t understand how to use the tcrules file. What I would ideally like to do is setup htb on a per user basis (either by IP or MAC address). If anybody has any hints on the best way to do this or is willing to explain the use of tcrules file a little better (how I could mark it per IP or MAC)

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

Hello all -- I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate. Before posting any specific problems, I thought I''d find out if I have the right stuff to work with. (I''ve gotten ipsec to work flawlessly with Shorewall using RH 8 and 9 kernels, so I have some experience with it. Shorewall 2.0.12 works fine on this ES 3 box, except for the ipsec part)

I am faced with a network that needs to autoswitch to isdn should T-1 go down. After a shorewall search it looks to be quite a deal with routing config with linux. Like scripts written to deal with knowing the T-1 is down. I looked into a cisco router that does this. around $3000 This network has used shorewall as the gateway for 4 years now. Currently Fedora as op. system. It appears to me

I did some looking on the mailing list archives and can''t seem to find exactly what I need, I''m also having troubles figuring this out on my own, so if anyone has any advice, tips, whatever, that would be great. I''ve got a machine with 3 network cards in it, one for a DMZ (with 3 machines on a switch each with a real IP address), one for the local network on a

Laurent Moix wrote: > Hi, > > I try to install shorewall 2.2 on suse 9.2. > > # rpm -ivh --nodeps /root/shorewall-2.2.1-1.noarch.rpm > Preparing... ########################################### [100%] > 1:shorewall ########################################### [100%] > shorewall: unknown service > shorewall: not a runlevel service > >

Anyone else seeing this?? Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key